CVE-2026-24017 | FortiWeb - Web Application Firewall Operational Intel

Executive Risk Summary

"A remote unauthenticated attacker may bypass the authentication rate-limit via crafted requests on FortiWeb versions 8.0.0 through 8.0.2, 7.6.0 through 7.6.5, 7.4.0 through 7.4.10, 7.2.0 through 7.2.11, and 7.0.0 through 7.0.11. The success of the attack depends on the attacker's resources and the password target complexity."

Operational Audit Arsenal

Target Type Firmware

Target Asset FortiWeb Firmware

Standard Path https://fortiguard.fortinet.com/psirt/FG-IR-26-082

Manual Verification Required

This is a non-Windows asset (Fortinet). Use the target asset details above to verify your version against vendor advisories.

Patch Impact Forecast

Reboot Required Likely

Potential service disruption during firmware update

Internal Work Notes

Urgent: FortiWeb vulnerability CVE-2026-24017 allows remote unauthenticated attackers to bypass authentication rate-limit, requiring immediate firmware update to prevent potential security breaches.

Technical Intelligence & Operational Utilities • Delivered Weekly

Intelligence Sources

Official Advisoryhttps://fortiguard.fortinet.com/psirt/FG-IR-26-082

Scope of Impact

Fortinet Fortiweb

Original NVD Description

"An Improper Control of Interaction Frequency vulnerability [CWE-799] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow a remote unauthenticated attacker to bypass the authentication rate-limit via crafted requests. The success of the attack depends on the attacker's resources and the password target complexity."

Related Fortinet Threats

CVE-2024-23108 CVSS 10

FortiGate - API

CVE-2024-23109 CVSS 10

FortiGate - API

CVE-2023-34992 CVSS 10

FortiGate - API

Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.