Home Fortinet CVE-2026-24018
Back to Fortinet

CVE-2026-24018

FortiClientLinux - Client

Fortinet CVSS 7.8 Updated March 16, 2026

Executive Risk Summary

"A UNIX symbolic link following vulnerability in Fortinet FortiClientLinux may allow a local and unprivileged user to escalate their privileges to root, posing a significant risk to system security. Affected versions include FortiClientLinux 7.4.0 through 7.4.4 and 7.2.2 through 7.2.12."

Operational Audit Arsenal

Target Type Firmware
Target Asset FortiClientLinux
Standard Path /usr/bin/forticlient

Manual Verification Required

This is a non-Windows asset (Fortinet). Use the target asset details above to verify your version against vendor advisories.

Patch Impact Forecast

Reboot Required Likely

Moderate, as the patch may require a system restart and could potentially cause temporary network disruptions.

Internal Work Notes

CVE-2026-24018: FortiClientLinux Symlink Vulnerability - Local Privilege Escalation

Technical Intelligence & Operational Utilities • Delivered Weekly

Intelligence Sources

Official Advisoryhttps://fortiguard.fortinet.com/psirt/FG-IR-26-083

Scope of Impact

Fortinet Forticlient

Original NVD Description

"A UNIX symbolic link (Symlink) following vulnerability in Fortinet FortiClientLinux 7.4.0 through 7.4.4, FortiClientLinux 7.2.2 through 7.2.12 may allow a local and unprivileged user to escalate their privileges to root."

Related Fortinet Threats

CVE-2024-23108 CVSS 10

FortiGate - API
CVE-2024-23109 CVSS 10

FortiGate - API
CVE-2023-34992 CVSS 10

FortiGate - API
Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.