CERT-In Issues Critical Advisory for FortiOS and FortiProxy Vulnerabilities

• 04 June, 2026
• No Comments

The Indian Computer Emergency Response Team (CERT-In) has issued a critical severity advisory (CIAD-2026-00XX) regarding multiple vulnerabilities in Fortinet FortiOS and FortiProxy. These vulnerabilities could allow remote attackers to execute arbitrary code, cause denial of service, or bypass authentication on affected systems.

Vulnerability Summary

Multiple stack-based buffer overflow vulnerabilities have been discovered in FortiOS and FortiProxy that could allow an unauthenticated remote attacker to execute arbitrary code by sending specially crafted requests. These vulnerabilities affect all versions prior to the latest patched releases.

Affected Products

• FortiOS 7.6.x — all versions below 7.6.0
• FortiOS 7.4.x — all versions below 7.4.5
• FortiOS 7.2.x — all versions below 7.2.9
• FortiProxy 7.4.x — all versions below 7.4.3
• FortiProxy 7.2.x — all versions below 7.2.9

Recommended Actions

• Immediately upgrade FortiOS to version 7.4.5 or later
• Upgrade FortiProxy to version 7.4.3 or later
• Restrict management access to trusted IP addresses only
• Enable multi-factor authentication on all administrative accounts
• Monitor firewall logs for signs of exploitation attempts

How PJ Networks Can Help

P J Networks provides comprehensive Fortinet security consulting, vulnerability assessments, and managed SOC/NOC services for Indian enterprises. If your organization uses Fortinet products, our team can help you:

• Assess your current FortiOS and FortiProxy versions for vulnerabilities
• Plan and execute patching with minimal downtime
• Harden your Fortinet security posture with configuration reviews
• Provide 24/7 monitoring through our Managed SOC services

Contact PJ Networks today for a vulnerability assessment and ensure your Fortinet infrastructure is protected against these critical vulnerabilities.