CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

Heap-based buffer overflow in oftpd daemon

unknownCVE-2026-22828
CVSSv3 Score: 7.3 A heap-based buffer overflow vulnerability [CWE-122] in FortiAnalyzer Cloud oftpd daemon may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. Successful exploitation would require a large amount of effort in preparation because of ASLR and network segmentation Revised on 2026-04-14 00:00:00

CSIRTS triage

What
A heap-based buffer overflow vulnerability may allow remote unauthenticated attackers to execute arbitrary code.
Who is affected
All users of FortiAnalyzer Cloud.
Urgency
This high-severity vulnerability requires urgent remediation due to the potential for remote code execution.
Action
Patch FortiAnalyzer Cloud to the latest version to mitigate this vulnerability.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch FortiAnalyzer Cloud

Get an email when a new FortiAnalyzer Cloud advisory drops — max one per day, one-click unsubscribe.

Details

Source
Fortinet FortiGuard PSIRT (INTL · vendor-psirt · site)
Severity
unknown
Published
2026-04-14
Exploitation
Not in CISA KEV at last sync

Original advisory: https://fortiguard.fortinet.com/psirt/FG-IR-26-121

Exploitation outlook

EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.

Referenced CVEs

CVECSIRTS overviewExternal
CVE-2026-22828coverage & exploitation statusNVD · CVE.org

Recent advisories for Heap-based buffer overflow

A cluster of recent advisories against the same product widens the attack surface — attackers routinely chain freshly published CVEs on one product, so review these together.

More from Fortinet FortiGuard PSIRT