CVE-2026-24018

A UNIX symbolic link (symlink) following vulnerability in Fortinet FortiClientLinux 7.4.0 through 7.4.4 and FortiClientLinux 7.2.2 through 7.2.12 may allow a local, unprivileged user to escalate their privileges to root.
References
Configurations

Configuration 1

OR cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:linux:*:*
cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:linux:*:*

History

13 Mar 2026, 19:04

Type Values Removed Values Added
References () https://fortiguard.fortinet.com/psirt/FG-IR-26-083 - () https://fortiguard.fortinet.com/psirt/FG-IR-26-083 - Vendor Advisory
CPE cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:linux:*:*
Summary
  • (es) A UNIX symbolic link (symlink) following vulnerability in Fortinet FortiClientLinux 7.4.0 through 7.4.4, FortiClientLinux 7.2.2 through 7.2.12 may allow a local and unprivileged user to escalate their privileges to root.
First Time Fortinet
Fortinet forticlient

10 Mar 2026, 18:18

Type Values Removed Values Added
New CVE

Information

Published : 2026-03-10 18:18

Updated : 2026-03-13 19:04


NVD link : CVE-2026-24018

Mitre link : CVE-2026-24018

CVE.ORG link : CVE-2026-24018


Products Affected

fortinet

  • forticlient
CWE
CWE-61

UNIX Symbolic Link (Symlink) Following