Nixpkgs security tracker

Untriaged

Permalink CVE-2024-50571

6.5 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): HIGH
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 2 months, 3 weeks ago

A heap-based buffer overflow in Fortinet FortiOS 7.6.0 through 7.6.1, …

A heap-based buffer overflow in Fortinet FortiOS 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, 6.4.0 through 6.4.15, 6.2.0 through 6.2.17, FortiManager Cloud 7.6.2, 7.4.1 through 7.4.5, 7.2.1 through 7.2.8, 7.0.1 through 7.0.13, 6.4.1 through 6.4.7, FortiAnalyzer Cloud 7.4.1 through 7.4.5, 7.2.1 through 7.2.8, 7.0.1 through 7.0.13, 6.4.1 through 6.4.7, FortiProxy 7.6.0, 7.4.0 through 7.4.6, 7.2.0 through 7.2.12, 7.0.0 through 7.0.19, 2.0.0 through 2.0.14, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiAnalyzer 7.6.0 through 7.6.2, 7.4.0 through 7.4.5, 7.2.0 through 7.2.8, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, 6.2.0 through 6.2.13, 6.0.0 through 6.0.12, FortiManager 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, 6.2.0 through 6.2.13, 6.0.0 through 6.0.12 allows attacker to execute unauthorized code or commands via specifically crafted requests.

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-442

Affected products

FortiOS

=<7.4.5
=<7.0.16
==7.6.0
=<6.4.15
=<7.2.10

FortiProxy

=<7.0.19
==7.6.0
=<2.0.14
=<1.2.13
=<7.4.6
=<1.0.7
=<1.1.6
=<7.2.12

FortiManager

=<7.4.5
=<6.0.12
=<7.0.13
=<6.2.13
=<7.2.9
=<7.6.1
=<6.4.15

FortiAnalyzer

=<7.4.5
=<7.2.8
=<6.0.12
=<7.0.13
=<6.2.13
=<7.2.9
=<7.6.2
=<6.4.15

FortiManager Cloud

==7.6.2
=<7.4.5
=<6.4.7
=<7.0.13
=<7.2.9

FortiAnalyzer Cloud

=<7.4.5
=<7.2.9
=<6.4.7
=<7.0.13

Matching in nixpkgs

pkgs.terraform-providers.fortios

None

nixos-unstable 1.22.1
- nixpkgs-unstable 1.22.1
- nixos-unstable-small 1.22.1
nixos-25.11 1.23.0
- nixpkgs-25.11-darwin 1.23.0

pkgs.python312Packages.fortiosapi

Python module to work with Fortigate/Fortios devices

nixos-unstable 1.0.5
- nixpkgs-unstable 1.0.5
- nixos-unstable-small 1.0.5
nixos-25.11 1.0.5
- nixpkgs-25.11-darwin 1.0.5

pkgs.python313Packages.fortiosapi

Python module to work with Fortigate/Fortios devices

nixos-unstable 1.0.5
- nixpkgs-unstable 1.0.5
- nixos-unstable-small 1.0.5
nixos-25.11 1.0.5
- nixpkgs-25.11-darwin 1.0.5

Package maintainers

@fabaff Fabian Affolter <mail@fabian-affolter.ch>

Untriaged

Permalink CVE-2026-24858

9.4 CRITICAL

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 2 months, 3 weeks ago

An Authentication Bypass Using an Alternate Path or Channel vulnerability …

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager 7.4.0 through 7.4.9, FortiManager 7.2.0 through 7.2.11, FortiManager 7.0.0 through 7.0.15, FortiOS 7.6.0 through 7.6.5, FortiOS 7.4.0 through 7.4.10, FortiOS 7.2.0 through 7.2.12, FortiOS 7.0.0 through 7.0.18 may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.

References

https://fortiguard.fortinet.com/psirt/FG-IR-26-060
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026… government-resource
https://www.fortinet.com/blog/psirt-blogs/analysis-of-sso-abuse-on-fortios vendor-advisory

Affected products

FortiOS

=<7.4.10
=<7.6.5
=<7.0.18
=<7.2.12

FortiWeb

=<8.0.3
=<7.6.6
=<7.4.11

FortiProxy

=<7.0.22
=<7.2.15
=<7.6.4
=<7.4.12

FortiManager

=<7.2.11
=<7.6.5
=<7.4.9
=<7.0.15

FortiAnalyzer

=<7.2.11
=<7.6.5
=<7.4.9
=<7.0.15

Matching in nixpkgs

pkgs.terraform-providers.fortios

None

nixos-unstable 1.22.1
- nixpkgs-unstable 1.22.1
- nixos-unstable-small 1.22.1
nixos-25.11 1.23.0
- nixpkgs-25.11-darwin 1.23.0

pkgs.python312Packages.fortiosapi

Python module to work with Fortigate/Fortios devices

nixos-unstable 1.0.5
- nixpkgs-unstable 1.0.5
- nixos-unstable-small 1.0.5
nixos-25.11 1.0.5
- nixpkgs-25.11-darwin 1.0.5

pkgs.python313Packages.fortiosapi

Python module to work with Fortigate/Fortios devices

nixos-unstable 1.0.5
- nixpkgs-unstable 1.0.5
- nixos-unstable-small 1.0.5
nixos-25.11 1.0.5
- nixpkgs-25.11-darwin 1.0.5

Package maintainers

@fabaff Fabian Affolter <mail@fabian-affolter.ch>

Untriaged

Permalink CVE-2025-25249

7.4 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 3 months ago

A heap-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through …

A heap-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiOS 6.4.0 through 6.4.16, FortiSASE 25.2.b, FortiSASE 25.1.a.2, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows attacker to execute unauthorized code or commands via specially crafted packets

References

https://fortiguard.fortinet.com/psirt/FG-IR-25-084

Affected products

FortiOS

=<7.6.2
=<7.2.11
=<7.4.7

FortiSASE

==25.1.a.2

FortiSwitchManager

=<7.2.5

Matching in nixpkgs

pkgs.terraform-providers.fortios

None

nixos-unstable 1.22.1
- nixpkgs-unstable 1.22.1
- nixos-unstable-small 1.22.1
nixos-25.11 1.23.0
- nixpkgs-25.11-darwin 1.23.0

pkgs.python312Packages.fortiosapi

Python module to work with Fortigate/Fortios devices

nixos-unstable 1.0.5
- nixpkgs-unstable 1.0.5
- nixos-unstable-small 1.0.5
nixos-25.11 1.0.5
- nixpkgs-25.11-darwin 1.0.5

pkgs.python313Packages.fortiosapi

Python module to work with Fortigate/Fortios devices

nixos-unstable 1.0.5
- nixpkgs-unstable 1.0.5
- nixos-unstable-small 1.0.5
nixos-25.11 1.0.5
- nixpkgs-25.11-darwin 1.0.5

Package maintainers

@fabaff Fabian Affolter <mail@fabian-affolter.ch>

Untriaged

Permalink CVE-2025-53843

6.9 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 3 months ago

A stack-based buffer overflow in Fortinet FortiOS 7.6.0 through 7.6.3, …

A stack-based buffer overflow in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions allows attacker to execute unauthorized code or commands via specially crafted packets

References

https://fortiguard.fortinet.com/psirt/FG-IR-25-358

Affected products

FortiOS

=<7.4.8
=<7.6.3
=<7.2.12
=<7.0.18
=<6.4.16

Matching in nixpkgs

pkgs.terraform-providers.fortios

None

nixos-unstable 1.22.1
- nixpkgs-unstable 1.22.1
- nixos-unstable-small 1.22.1
nixos-25.11 1.23.0
- nixpkgs-25.11-darwin 1.23.0

pkgs.python312Packages.fortiosapi

Python module to work with Fortigate/Fortios devices

nixos-unstable 1.0.5
- nixpkgs-unstable 1.0.5
- nixos-unstable-small 1.0.5
nixos-25.11 1.0.5
- nixpkgs-25.11-darwin 1.0.5

pkgs.python313Packages.fortiosapi

Python module to work with Fortigate/Fortios devices

nixos-unstable 1.0.5
- nixpkgs-unstable 1.0.5
- nixos-unstable-small 1.0.5
nixos-25.11 1.0.5
- nixpkgs-25.11-darwin 1.0.5

Package maintainers

@fabaff Fabian Affolter <mail@fabian-affolter.ch>

Untriaged

Permalink CVE-2025-31366

4.5 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): NONE

created 3 months ago

An Improper Neutralization of Input During Web Page Generation vulnerability …

An Improper Neutralization of Input During Web Page Generation vulnerability [CWE-79] in FortiOS 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2 all versions, 7.0 all versions, 6.4 all versions; FortiProxy 7.6.0 through 7.6.3, 7.4.0 through 7.4.9, 7.2 all versions, 7.0 all versions; FortiSASE 25.3.a may allow an unauthenticated attacker to perform a reflected cross site scripting (XSS) via crafted HTTP requests.

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-542

Affected products

FortiOS

=<7.6.2
=<7.2.12
=<7.0.17
=<7.4.7
=<7.0.18
=<6.4.16

FortiSASE

==25.2.a

FortiProxy

=<7.4.8
=<7.2.15
=<7.0.21
=<7.6.3
=<7.0.22

Matching in nixpkgs

pkgs.terraform-providers.fortios

None

nixos-unstable 1.22.1
- nixpkgs-unstable 1.22.1
- nixos-unstable-small 1.22.1
nixos-25.11 1.23.0
- nixpkgs-25.11-darwin 1.23.0

pkgs.python312Packages.fortiosapi

Python module to work with Fortigate/Fortios devices

nixos-unstable 1.0.5
- nixpkgs-unstable 1.0.5
- nixos-unstable-small 1.0.5
nixos-25.11 1.0.5
- nixpkgs-25.11-darwin 1.0.5

pkgs.python313Packages.fortiosapi

Python module to work with Fortigate/Fortios devices

nixos-unstable 1.0.5
- nixpkgs-unstable 1.0.5
- nixos-unstable-small 1.0.5
nixos-25.11 1.0.5
- nixpkgs-25.11-darwin 1.0.5

Package maintainers

@fabaff Fabian Affolter <mail@fabian-affolter.ch>

Untriaged

Permalink CVE-2024-47569

4.2 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): NONE
Availability impact (A): NONE

created 3 months ago

A insertion of sensitive information into sent data in Fortinet …

A insertion of sensitive information into sent data in Fortinet FortiManager Cloud 7.4.1 through 7.4.3, FortiVoice 7.0.0 through 7.0.4, 6.4.0 through 6.4.9, 6.0.7 through 6.0.12, FortiMail 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.9, FortiOS 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, 6.2.0 through 6.2.17, 6.0.0 through 6.0.18, FortiWeb 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.11, 7.0.0 through 7.0.11, 6.4.0 through 6.4.3, FortiRecorder 7.2.0 through 7.2.1, 7.0.0 through 7.0.4, FortiNDR 7.6.0 through 7.6.1, 7.4.0 through 7.4.8, 7.2.0 through 7.2.5, 7.1.0 through 7.1.1, 7.0.0 through 7.0.7, 1.5.0 through 1.5.3, FortiPAM 1.3.0 through 1.3.1, 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiTester 7.4.0 through 7.4.2, 7.3.0 through 7.3.2, 7.2.0 through 7.2.3, 7.1.0 through 7.1.1, 7.0.0, 4.2.0 through 4.2.1, FortiProxy 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.21, 2.0.0 through 2.0.14, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiManager 7.6.0 through 7.6.1, 7.4.1 through 7.4.3 allows attacker to disclose sensitive information via specially crafted packets.

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-228

Affected products

FortiOS

=<7.2.8
=<7.4.4
==7.6.0
=<7.0.15
=<6.4.15

FortiNDR

=<7.0.7
=<7.2.5
=<7.4.8
=<1.5.3
=<7.1.1
=<7.6.1

FortiPAM

==1.2.0
=<1.3.1
=<1.0.3
=<1.1.2

FortiWeb

=<7.2.11
=<7.2.12
==7.6.0
=<7.4.4
=<6.4.3
=<7.0.11
=<7.0.12

FortiMail

=<7.2.6
=<7.0.9
=<7.4.2

FortiProxy

=<7.0.21
=<7.4.4
=<7.0.23
=<7.0.22
=<7.2.10

FortiVoice

=<7.0.4
=<6.4.9
=<6.0.12

FortiTester

=<7.3.2
==7.0.0
=<7.2.3
=<4.2.1
=<7.1.1
=<7.4.2

FortiManager

=<7.4.3

FortiRecorder

=<7.0.4
=<7.2.1

FortiManager Cloud

=<7.4.3

Matching in nixpkgs

pkgs.terraform-providers.fortios

None

nixos-unstable 1.22.1
- nixpkgs-unstable 1.22.1
- nixos-unstable-small 1.22.1
nixos-25.11 1.23.0
- nixpkgs-25.11-darwin 1.23.0

pkgs.python312Packages.fortiosapi

Python module to work with Fortigate/Fortios devices

nixos-unstable 1.0.5
- nixpkgs-unstable 1.0.5
- nixos-unstable-small 1.0.5
nixos-25.11 1.0.5
- nixpkgs-25.11-darwin 1.0.5

pkgs.python313Packages.fortiosapi

Python module to work with Fortigate/Fortios devices

nixos-unstable 1.0.5
- nixpkgs-unstable 1.0.5
- nixos-unstable-small 1.0.5
nixos-25.11 1.0.5
- nixpkgs-25.11-darwin 1.0.5

Package maintainers

@fabaff Fabian Affolter <mail@fabian-affolter.ch>

Untriaged

Permalink CVE-2025-58413

6.9 MEDIUM

CVSS version: 3.1
Attack vector (AV): ADJACENT_NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 3 months ago

A stack-based buffer overflow in Fortinet FortiOS 7.6.0 through 7.6.3, …

A stack-based buffer overflow in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiSASE 25.3.b allows attacker to execute unauthorized code or commands via specially crafted packets

References

https://fortiguard.fortinet.com/psirt/FG-IR-25-632

Affected products

FortiOS

=<7.4.8
=<7.6.3
=<6.0.18
=<6.2.17
=<7.2.12
=<7.0.18
=<6.4.16

FortiSASE

==25.3.b

Matching in nixpkgs

pkgs.terraform-providers.fortios

None

nixos-unstable 1.22.1
- nixpkgs-unstable 1.22.1
- nixos-unstable-small 1.22.1
nixos-25.11 1.23.0
- nixpkgs-25.11-darwin 1.23.0

pkgs.python312Packages.fortiosapi

Python module to work with Fortigate/Fortios devices

nixos-unstable 1.0.5
- nixpkgs-unstable 1.0.5
- nixos-unstable-small 1.0.5
nixos-25.11 1.0.5
- nixpkgs-25.11-darwin 1.0.5

pkgs.python313Packages.fortiosapi

Python module to work with Fortigate/Fortios devices

nixos-unstable 1.0.5
- nixpkgs-unstable 1.0.5
- nixos-unstable-small 1.0.5
nixos-25.11 1.0.5
- nixpkgs-25.11-darwin 1.0.5

Package maintainers

@fabaff Fabian Affolter <mail@fabian-affolter.ch>

Untriaged

Permalink CVE-2025-47890

2.5 LOW

CVSS version: 3.1
Attack vector (AV): ADJACENT_NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): LOW
Availability impact (A): NONE

created 3 months ago

An URL Redirection to Untrusted Site vulnerabilities [CWE-601] in FortiOS …

An URL Redirection to Untrusted Site vulnerabilities [CWE-601] in FortiOS 7.6.0 through 7.6.2, 7.4.0 through 7.4.8, 7.2 all versions, 7.0 all versions, 6.4 all versions; FortiProxy 7.6.0 through 7.6.3, 7.4 all versions, 7.2 all versions, 7.0 all versions; FortiSASE 25.2.a may allow an unauthenticated attacker to perform an open redirect attack via crafted HTTP requests.

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-542

Affected products

FortiOS

=<7.2.12
=<7.4.8
=<7.0.18
=<6.4.16
=<7.6.2
=<7.0.17

FortiSASE

==25.2.a

FortiProxy

=<7.0.21
=<7.0.22
=<7.6.3
=<7.4.11
=<7.2.15
=<7.4.12

Matching in nixpkgs

pkgs.terraform-providers.fortios

None

nixos-unstable 1.22.1
- nixpkgs-unstable 1.22.1
- nixos-unstable-small 1.22.1
nixos-25.11 1.23.0
- nixpkgs-25.11-darwin 1.23.0

pkgs.python312Packages.fortiosapi

Python module to work with Fortigate/Fortios devices

nixos-unstable 1.0.5
- nixpkgs-unstable 1.0.5
- nixos-unstable-small 1.0.5
nixos-25.11 1.0.5
- nixpkgs-25.11-darwin 1.0.5

pkgs.python313Packages.fortiosapi

Python module to work with Fortigate/Fortios devices

nixos-unstable 1.0.5
- nixpkgs-unstable 1.0.5
- nixos-unstable-small 1.0.5
nixos-25.11 1.0.5
- nixpkgs-25.11-darwin 1.0.5

Package maintainers

@fabaff Fabian Affolter <mail@fabian-affolter.ch>

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.terraform-providers.fortios

pkgs.python312Packages.fortiosapi

pkgs.python313Packages.fortiosapi

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.terraform-providers.fortios

pkgs.python312Packages.fortiosapi

pkgs.python313Packages.fortiosapi

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.terraform-providers.fortios

pkgs.python312Packages.fortiosapi

pkgs.python313Packages.fortiosapi

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.terraform-providers.fortios

pkgs.python312Packages.fortiosapi

pkgs.python313Packages.fortiosapi

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.terraform-providers.fortios

pkgs.python312Packages.fortiosapi

pkgs.python313Packages.fortiosapi

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.terraform-providers.fortios

pkgs.python312Packages.fortiosapi

pkgs.python313Packages.fortiosapi

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.terraform-providers.fortios

pkgs.python312Packages.fortiosapi

pkgs.python313Packages.fortiosapi

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.terraform-providers.fortios

pkgs.python312Packages.fortiosapi

pkgs.python313Packages.fortiosapi

Package maintainers