NCSC-2026-0197 [1.00] [M/H] Vulnerability fixed in Fortinet FortiPortal
Fortinet has fixed a vulnerability in FortiPortal versions 7.0 to 7.4.7. The vulnerability concerns the FortiPortal API endpoints, where an external attacker with an organizational user role can access sensitive network configuration data via specially crafted HTTP requests. These issues affect the integrity of the access control mechanisms and can lead to exposure of critical network configuration information to unauthorized users.
CSIRTS triage
- What
- An external attacker can access sensitive network configuration data via specially crafted HTTP requests.
- Who is affected
- Organizations using FortiPortal versions 7.0 to 7.4.7 are affected.
- Urgency
- Remediation is urgent due to the potential exposure of critical network configuration information.
- Action
- Upgrade to the patched version of FortiPortal.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch FortiPortal
Get an email when a new FortiPortal advisory drops — max one per day, one-click unsubscribe.
Details
Original advisory: https://advisories.ncsc.nl/advisory?id=NCSC-2026-0197
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2026-499380.20% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 10% of all scored CVEs.
Referenced CVEs
| CVE | CSIRTS overview | External |
|---|---|---|
| CVE-2026-49938 | coverage & exploitation status | NVD · CVE.org |
Same CVEs, other sources
How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.
- unknownImproper access control in API endpointsfortinet
More from NCSC-NL Advisories
- unknownNCSC-2026-0223 [1.00] [M/H] Vulnerabilities fixed in BeyondTrust Remote Support and Privileged Remote Access2026-07-10
- unknownNCSC-2026-0222 [1.00] [M/H] Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition2026-07-10
- unknownNCSC-2026-0221 [1.00] [M/H] Vulnerabilities fixed in UniFi products from Ubiquiti Networks2026-07-07
- unknownNCSC-2026-0220 [1.00] [M/H] Vulnerabilities fixed in Rancher by Rancher Labs2026-07-03
- unknownNCSC-2026-0219 [1.00] [M/H] Vulnerabilities fixed in GitHub Enterprise Server2026-07-03