Vulnerability Report

CVE-2026-24018

Title: CVE-2026-24018

Other

Proof Of Concept

PoC Available for CVE-2026-24018

CWE Category CWE-61

Published Date Mar 10, 2026

Modified Date Mar 13, 2026

Exploit Status Available

Score 7.8 CVSS v3.1

Exploit Probability (EPSS)

0.23%

Vulnerability Summary

CVE-2026-24018: A UNIX symbolic link (Symlink) following vulnerability in Fortinet FortiClientLinux 7.4.0 through 7.4.4, FortiClientLinux 7.2.2 through 7.2.12 may allow a local and unprivileged user to escalate their privileges to root.

Impacted Vendors

fortinet 1

forticlient 1

Reference Links

https://fortiguard.fortinet.com/psirt/FG-IR-26-083

CVSS v3.1

Source Entity [email protected]

Severity HIGH

7.8

Attack Vector

LOCAL

Complexity

LOW

Privileges

N/A

Interaction

NONE

Confidentiality

N/A

Integrity

N/A

Availability

N/A

Scope

UNCHANGED

RAW VECTOR CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2026-24018 Exploits & PoCs (Proof Of Concept)

GitHub https://github.com/febin0x10/Fortinet_FortiClient_Exploit_CVE-2026-24018

View Code

March 13, 2026 MODIFIED

Vulnerability data updated via NVD.

March 13, 2026 MODIFIED

Vulnerability data updated via NVD.

March 11, 2026 MODIFIED

Vulnerability data updated via NVD.

March 10, 2026 MODIFIED

Vulnerability data updated via NVD.

Attack Vector Matrix

Access Vector LOCAL

Complexity LOW

Privileges N/A

Interaction NONE

CVSS Vector String


                                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Stack

No specific products linked.