Open Redirection via Import CSV option

Open Redirection via Import CSV option Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-26-118 Final 1 1 2026-04-14T00:00:00 Current version 2026-04-14T00:00:00 2026-04-14T00:00:00 An URL Redirection to Untrusted Site ('Open Redirect') vulnerability [CWE-601] in FortiNAC-F may allow a remote privileged attacker with system administrator role to redirect users to an arbitrary website via crafted CSV file. None Execute unauthorized code or commands None Discovered during an independent audit commissioned by Fortinet. FortiNAC-F 7.6.5 FortiNAC-F 7.6.4 FortiNAC-F 7.6.3 FortiNAC-F 7.6.2 FortiNAC-F 7.6.1 FortiNAC-F 7.6.0 FortiNAC-F 7.4.3 FortiNAC-F 7.4.2 FortiNAC-F 7.4.1 FortiNAC-F 7.4.0 FortiNAC-F 7.2.9 FortiNAC-F 7.2.8 FortiNAC-F 7.2.7 FortiNAC-F 7.2.6 FortiNAC-F 7.2.5 FortiNAC-F 7.2.4 FortiNAC-F 7.2.3 FortiNAC-F 7.2.2 FortiNAC-F 7.2.1 FortiNAC-F 7.2.0 Open Redirection via Import CSV option CVE-2026-21741 FortiNAC-F-7.6.5 FortiNAC-F-7.6.4 FortiNAC-F-7.6.3 FortiNAC-F-7.6.2 FortiNAC-F-7.6.1 FortiNAC-F-7.6.0 FortiNAC-F-7.4.3 FortiNAC-F-7.4.2 FortiNAC-F-7.4.1 FortiNAC-F-7.4.0 FortiNAC-F-7.2.9 FortiNAC-F-7.2.8 FortiNAC-F-7.2.7 FortiNAC-F-7.2.6 FortiNAC-F-7.2.5 FortiNAC-F-7.2.4 FortiNAC-F-7.2.3 FortiNAC-F-7.2.2 FortiNAC-F-7.2.1 FortiNAC-F-7.2.0 2.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C https://fortiguard.fortinet.com/psirt/FG-IR-26-118 Open Redirection via Import CSV option Reference>