PSIRT Advisories

FortiWeb path traversal vulnerability


A path traversal vulnerability in the autolearn feature allows an authenticated administrator account with read and write privileges to read arbitrary files from the appliance.
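To make the vulnerability class concrete, the following Python example (added here for illustration; it is not FortiWeb code and says nothing about how the autolearn feature is implemented) shows a naive file read that a caller can steer out of its base directory, beside a hardened version that decodes the input, rejects absolute paths and NUL bytes, canonicalizes the result and checks that it still lies under the allowed root. The directory layout and file names, including `autolearn/profile.xml`, are constructed for the demonstration.

```python
import os
import tempfile
from urllib.parse import unquote


def build_sample_tree():
    """Constructed sample data for the demo (not a real appliance layout):
    <base>/data/autolearn/profile.xml   - a file that may legitimately be read
    <base>/secret.txt                   - a file outside the allowed root
    <base>/data/autolearn/link          - a symlink pointing outside the root
    Returns the allowed root, <base>/data."""
    base = tempfile.mkdtemp()
    root = os.path.join(base, "data")
    os.makedirs(os.path.join(root, "autolearn"))
    with open(os.path.join(root, "autolearn", "profile.xml"), "w") as f:
        f.write("<profile/>")
    with open(os.path.join(base, "secret.txt"), "w") as f:
        f.write("outside")
    os.symlink(os.path.join(base, "secret.txt"),
               os.path.join(root, "autolearn", "link"))
    return root


def read_vulnerable(root, user_path):
    """Naive pattern: join and open. '../' segments walk out of root, and
    os.path.join silently discards root when user_path is absolute."""
    with open(os.path.join(root, user_path), "rb") as f:
        return f.read()


def resolve_safely(root, user_path):
    """Return the canonical path for user_path if it stays under root,
    otherwise None. Hypothetical helper written for this example."""
    root_real = os.path.realpath(root)
    # Decode percent-encoding twice so '%252e%252e/' (double-encoded '../')
    # is checked in its final form rather than as a harmless literal.
    decoded = user_path
    for _ in range(2):
        decoded = unquote(decoded)
    if os.path.isabs(decoded) or "\x00" in decoded:
        return None
    # realpath collapses '..' and follows symlinks, so a link that points
    # outside root is caught by the same containment check.
    candidate = os.path.realpath(os.path.join(root_real, decoded))
    try:
        if os.path.commonpath([root_real, candidate]) != root_real:
            return None
    except ValueError:  # different drives on Windows, etc.
        return None
    return candidate


def read_hardened(root, user_path):
    """Same read, but only after the containment check passes."""
    path = resolve_safely(root, user_path)
    if path is None:
        raise PermissionError("path escapes the allowed directory: %r" % user_path)
    with open(path, "rb") as f:
        return f.read()


if __name__ == "__main__":
    root = build_sample_tree()
    print("vulnerable, in root :", read_vulnerable(root, "autolearn/profile.xml"))
    print("vulnerable, escaped :", read_vulnerable(root, "../secret.txt"))
    print("hardened, in root   :", read_hardened(root, "autolearn/profile.xml"))
    for attempt in ("../secret.txt", "autolearn/link",
                    "..%2Fsecret.txt", "%252e%252e/secret.txt"):
        print("hardened, rejected  :", attempt, resolve_safely(root, attempt))
```

The containment check is done on the canonical path rather than on the string the caller supplied, which is what defeats the symlink and double-encoding cases above; a check that only strips literal `../` sequences would pass both.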

Affected Products

FortiWeb 4.4.6 to 5.5.2 with the autolearn feature configured.

Solutions

Upgrade to FortiWeb 5.5.3.
As a workaround, restrict administrator accounts to read-only privileges. The vulnerability requires an account with read and write privileges, so this only mitigates it for accounts that can be downgraded; upgrading remains the fix.

Acknowledgement

Fortinet is pleased to thank Ewoud Vlasselaer from Dimension Data Belgium for reporting this vulnerability under responsible disclosure.