Fortinet Vulnerabilities Require Immediate Updates

CSA Alerts & Advisories (Singapore)
Published March 13th, 2026
Detected March 13th, 2026

Summary

The Cyber Security Agency of Singapore (CSA) has issued an alert regarding high-severity vulnerabilities in multiple Fortinet enterprise products. Users are strongly advised to update affected systems immediately to mitigate risks of unauthorized code execution, authentication bypass, and privilege escalation.

What changed

The Cyber Security Agency of Singapore (CSA) has alerted users and administrators to critical vulnerabilities discovered in various Fortinet enterprise products, including FortiSwitch, FortiWeb, FortiManager, and FortiClientLinux. These vulnerabilities, identified by CVE numbers such as CVE-2026-22627 and CVE-2026-24017, could allow remote attackers to bypass authentication, execute arbitrary commands, or escalate privileges on affected devices.

Organizations utilizing the specified versions of Fortinet products must prioritize immediate updates to the latest available versions. Failure to do so could expose their networks to significant security risks, including unauthorized access and control. This advisory emphasizes the critical need for prompt patch management to maintain system integrity and prevent potential cyberattacks.

What to do next

  1. Identify all affected Fortinet product versions within your environment.
  2. Update all identified affected Fortinet products to the latest available versions immediately.
  3. Consult Fortinet's security advisories for detailed remediation steps.

Source document (simplified)

Alerts

High Severity Vulnerabilities in Fortinet Products

13 March 2026

Fortinet has released a security advisory addressing multiple vulnerabilities across its core enterprise products. Users and administrators of affected products are advised to update to the latest versions immediately.

Background

The vulnerabilities include authentication bypass and buffer overflow flaws that may enable remote attackers to execute arbitrary commands or escalate privileges.

Impact

Successful exploitation of these vulnerabilities could allow:

  • CVE-2026-22627: An unauthenticated attacker within the same adjacent network to execute unauthorised code or commands on the device by sending a crafted Link Layer Discovery Protocol (LLDP) packet.

  • CVE-2026-24017: A remote unauthenticated attacker to bypass the authentication rate-limit via crafted requests.

  • CVE-2025-54820: A remote unauthenticated attacker to execute unauthorised commands via crafted requests, if the service is enabled.

  • CVE-2026-24018: A local and unprivileged user to escalate their privileges to root.

Affected Products

The following product versions are affected by the vulnerabilities.

For CVE-2026-22627:

  • FortiSwitchAXFixed 1.0.0 through 1.0.1

For CVE-2026-24017:

  • FortiWeb 8.0.0 through 8.0.2

  • FortiWeb 7.6.0 through 7.6.5

  • FortiWeb 7.4.0 through 7.4.10

  • FortiWeb 7.2.0 through 7.2.11

  • FortiWeb 7.0.0 through 7.0.11

For CVE-2025-54820:

  • FortiManager 7.4.0 through 7.4.2

  • FortiManager 7.2.0 through 7.2.10

  • FortiManager 6.4 all versions

For CVE-2026-24018:

  • FortiClientLinux 7.4.0 through 7.4.4

  • FortiClientLinux 7.2.2 through 7.2.12

Recommendations

Users and administrators of affected product versions are advised to update to the latest versions immediately.
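
To help with identifying affected versions in an environment, the following Python script matches an asset inventory against the affected ranges listed above. It is an added example, not part of the CSA advisory or any Fortinet tooling; the inventory rows, hostnames and status strings are constructed for illustration.

```python
import re

# Affected ranges copied from the advisory above; last=None means "all versions" of a branch.
AFFECTED = [
    ("FortiSwitchAXFixed", "CVE-2026-22627", "1.0.0", "1.0.1"),
    ("FortiWeb", "CVE-2026-24017", "8.0.0", "8.0.2"),
    ("FortiWeb", "CVE-2026-24017", "7.6.0", "7.6.5"),
    ("FortiWeb", "CVE-2026-24017", "7.4.0", "7.4.10"),
    ("FortiWeb", "CVE-2026-24017", "7.2.0", "7.2.11"),
    ("FortiWeb", "CVE-2026-24017", "7.0.0", "7.0.11"),
    ("FortiManager", "CVE-2025-54820", "7.4.0", "7.4.2"),
    ("FortiManager", "CVE-2025-54820", "7.2.0", "7.2.10"),
    ("FortiManager", "CVE-2025-54820", "6.4", None),
    ("FortiClientLinux", "CVE-2026-24018", "7.4.0", "7.4.4"),
    ("FortiClientLinux", "CVE-2026-24018", "7.2.2", "7.2.12"),
]

def parse(text):
    """'v7.4.10' -> (7, 4, 10). Tuples compare numerically, so 7.4.10 > 7.4.2."""
    m = re.search(r"\d+(?:\.\d+){1,2}", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(p) for p in m.group().split("."))

def affected_by(product, version):
    """Sorted CVE IDs whose affected range contains this product version."""
    v = (parse(version) + (0, 0))[:3]  # treat "7.4" as 7.4.0
    hits = set()
    for name, cve, lo, hi in AFFECTED:
        lo_t = parse(lo)
        in_range = (v[:len(lo_t)] == lo_t) if hi is None else (lo_t <= v <= parse(hi))
        if in_range and name.lower() == product.strip().lower():
            hits.add(cve)
    return sorted(hits)

INVENTORY = [  # constructed sample rows; hostnames and versions are hypothetical
    ("waf-01", "FortiWeb", "7.4.10"), ("waf-02", "FortiWeb", "7.4.11"),
    ("fmg-01", "FortiManager", "v6.4.15"), ("lnx-18", "FortiClientLinux", "unknown")]

def triage(inventory):  # host -> status string
    out = {}
    for host, product, version in inventory:
        try:
            out[host] = ", ".join(affected_by(product, version)) or "outside listed ranges"
        except ValueError:
            out[host] = "manual review: version unreadable"  # never pass silently
    return out

if __name__ == "__main__":
    print("\n".join(f"{h:8}{s}" for h, s in triage(INVENTORY).items()))
```

A status of "outside listed ranges" only means the version is not named in this advisory for these four CVEs; it does not confirm the device is on the latest release.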

References

https://cybersecuritynews.com/fortinet-security-update-march/

https://fortiguard.fortinet.com/psirt?filter=1&version=&keyword=

https://nvd.nist.gov/vuln/detail/CVE-2026-22627

https://nvd.nist.gov/vuln/detail/CVE-2026-24017

https://nvd.nist.gov/vuln/detail/CVE-2025-54820

https://nvd.nist.gov/vuln/detail/CVE-2026-24018

Source

Analysis generated by AI. Source diff and links are from the original.

Classification

Agency: Various
Published: March 13th, 2026
Instrument: Notice
Legal weight: Non-binding
Stage: Final
Change scope: Substantive

Who this affects

Applies to: Manufacturers, Technology companies
Geographic scope: National (Singapore)

Taxonomy

Primary area: Cybersecurity
Operational domain: IT Security
Topics: Product Security, Vulnerability Management