PSIRT Advisories

FortiMail - path traversal vulnerabilities


Multiple path traversal vulnerabilities in FortiMail Webmail may allow a regular user to obtain unauthorized access to files and data via specially crafted web requests.

Affected Products

FortiMail 6.4.4 and below.
FortiMail 6.2.6 and below.
FortiMail 6.0.10 and below.
FortiMail 5.4.12 and below.


Solutions

Upgrade to FortiMail 7.0.0.
Upgrade to FortiMail 6.4.5.
Upgrade to FortiMail 6.2.7.
Upgrade to FortiMail 6.0.11.
Fix for version 5.4 to be confirmed.


This issue was discovered by Giuseppe Cocomazzi of the Fortinet PSIRT Team during an internal security assessment.