Format string vulnerability in fazsvcd

Summary

A use of externally-controlled format string vulnerability [CWE-134] in FortiAnalyzer, FortiAnalyzer Cloud, FortiManager and FortiManager Cloud fazsvcd daemon may allow a remote privileged attacker with admin profile to execute arbitrary code or commands via specially crafted requests.
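To make the defect class concrete, here is an added C illustration of CWE-134 that is not Fortinet's code and does not reproduce the actual fazsvcd bug (the daemon's internals are not described in this advisory; the function names, the log-line layout and the sample request text are all constructed for the example). It shows the hardened form, where request text is only ever passed as a `%s` argument and never as the format itself, plus a small check a reviewer or fuzzing harness can use to flag request-derived text that contains conversion directives before it reaches a format sink.

```c
#include <stdio.h>
#include <string.h>

/* Constructed example, not code from fazsvcd.
 * The vulnerable pattern behind CWE-134 is using attacker-influenced text as
 * the format argument:
 *     snprintf(buf, sizeof buf, msg);          // msg IS the format: bug
 * The fix is to keep the format a compile-time literal and pass the text as
 * data:
 *     snprintf(buf, sizeof buf, "%s", msg);    // msg is an argument: safe
 */

/* Hardened logger: admin_user and request come from the (privileged) client,
 * but both are consumed only as %s arguments, so any '%' they contain is
 * copied verbatim and never interpreted. Returns the snprintf length. */
int format_log_line(char *out, size_t outlen,
                    const char *admin_user, const char *request)
{
    return snprintf(out, outlen, "admin=%s request=%s", admin_user, request);
}

/* Count printf conversion directives, i.e. a '%' not followed by another
 * '%', in text that is about to be used as a format. A non-zero count on a
 * string that originated in a request is exactly what a code review or a
 * format-string sanitizer should flag. */
int count_format_directives(const char *s)
{
    int n = 0;
    for (const char *p = s; *p; p++) {
        if (*p == '%') {
            if (p[1] == '%') {   /* "%%" is a literal percent sign */
                p++;
                continue;
            }
            n++;
        }
    }
    return n;
}

int main(void)
{
    char buf[256];
    const char *req = "id=42%x%n";   /* constructed, hostile-looking input */

    format_log_line(buf, sizeof buf, "admin", req);
    printf("%s\n", buf);   /* %x%n appear literally; nothing is interpreted */
    printf("directives in request: %d\n", count_format_directives(req));
    return 0;
}
```

The `count_format_directives` check is a review aid, not a fix: the only real fix for this class is the one `format_log_line` shows, a literal format string with untrusted data passed as an argument (compilers enforce this with `-Wformat-security` / `-Werror=format-security`).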

Version                    Affected               Solution
FortiAnalyzer 7.6          7.6.0 through 7.6.4    Upgrade to 7.6.5 or above
FortiAnalyzer 7.4          7.4.0 through 7.4.7    Upgrade to 7.4.8 or above
FortiAnalyzer 7.2          7.2 all versions       Migrate to a fixed release
FortiAnalyzer 7.0          7.0 all versions       Migrate to a fixed release
FortiAnalyzer Cloud 7.6    7.6.0 through 7.6.4    Upgrade to 7.6.5 or above
FortiAnalyzer Cloud 7.4    7.4.0 through 7.4.7    Upgrade to 7.4.8 or above
FortiAnalyzer Cloud 7.2    7.2 all versions       Migrate to a fixed release
FortiAnalyzer Cloud 7.0    7.0 all versions       Migrate to a fixed release
FortiManager 7.6           7.6.0 through 7.6.4    Upgrade to 7.6.5 or above
FortiManager 7.4           7.4.0 through 7.4.7    Upgrade to 7.4.8 or above
FortiManager 7.2           7.2 all versions       Migrate to a fixed release
FortiManager 7.0           7.0 all versions       Migrate to a fixed release
FortiManager Cloud 7.6     7.6.0 through 7.6.4    Upgrade to 7.6.5 or above
FortiManager Cloud 7.4     7.4.0 through 7.4.7    Upgrade to 7.4.8 or above
FortiManager Cloud 7.2     7.2 all versions       Migrate to a fixed release
FortiManager Cloud 7.0     7.0 all versions       Migrate to a fixed release

Acknowledgement

Internally discovered and reported by David Maciejak of Fortinet Product Security team.

Timeline

2026-03-10: Initial publication