SQL Injection via API Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-26-119 Final 1 1 2026-04-14T00:00:00 Current version 2026-04-14T00:00:00 2026-04-14T00:00:00 An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in FortiDDoS-F may allow an authenticated attacker to run arbitrary SQL queries on the database by sending crafted HTTP requests. None Execute unauthorized code or commands None Internally discovered and reported by David Maciejak of Fortinet Product Security team. FortiDDoS-F 7.2.2 FortiDDoS-F 7.2.1 CVE-2026-39815 FortiDDoS-F-7.2.2 FortiDDoS-F-7.2.1 7.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C https://fortiguard.fortinet.com/psirt/FG-IR-26-119 SQL Injection via API Reference>