Fortinet FortiOS vulnerabilities: known CVEs & security history
Fortinet · Network / Security · 270 tracked CVEs · 18 actively exploited · updated June 2026 · what is a CVE? →
This is the full list of known vulnerabilities (CVEs) across all Fortinet FortiOS release lines — 270 in total, with 18 actively exploited in the wild. A CVE here doesn't mean your version is affected — check Fortinet FortiOS's current status and the safe version to run.
Known Fortinet FortiOS CVEs
Actively-exploited and most-severe first. Showing the top 80 of 270. Open any CVE for full details.
| CVE | Severity | CVSS | EPSS | Year |
|---|---|---|---|---|
| CVE-2026-24858⚡ exploited | critical | 9.8 | 55% | 2026 |
| CVE-2025-59718⚡ exploited | critical | 9.8 | 63% | 2025 |
| CVE-2024-55591⚡ exploited | critical | 9.8 | 98% | 2025 |
| CVE-2024-23113⚡ exploited | critical | 9.8 | 62% | 2024 |
| CVE-2024-21762⚡ exploited | critical | 9.8 | 81% | 2024 |
| CVE-2023-27997⚡ exploited | critical | 9.8 | 86% | 2023 |
| CVE-2022-42475⚡ exploited | critical | 9.8 | 99% | 2023 |
| CVE-2022-40684⚡ exploited | critical | 9.8 | 100% | 2022 |
| CVE-2020-12812⚡ exploited | critical | 9.8 | 49% | 2020 |
| CVE-2018-13382⚡ exploited | critical | 9.1 | 82% | 2019 |
| CVE-2018-13379⚡ exploited | critical | 9.1 | 100% | 2019 |
| CVE-2025-24472⚡ exploited | high | 8.1 | 3% | 2025 |
| CVE-2022-41328⚡ exploited | medium | 6.7 | 12% | 2023 |
| CVE-2019-5591⚡ exploited | medium | 6.5 | 19% | 2020 |
| CVE-2019-6693⚡ exploited | medium | 6.5 | 5% | 2019 |
| CVE-2018-13383⚡ exploited | medium | 4.3 | 34% | 2019 |
| CVE-2018-13374⚡ exploited | medium | 4.3 | 38% | 2019 |
| CVE-2021-44168⚡ exploited | low | 3.3 | 1% | 2022 |
| CVE-2025-22252 | critical | 9.8 | 1% | 2025 |
| CVE-2023-25610 | critical | 9.8 | 14% | 2025 |
| CVE-2023-42789 | critical | 9.8 | 3% | 2024 |
| CVE-2023-33308 | critical | 9.8 | 2% | 2023 |
| CVE-2018-1352 | critical | 9.8 | 1% | 2019 |
| CVE-2016-6909 | critical | 9.8 | 50% | 2016 |
| CVE-2016-1909 | critical | 9.8 | 71% | 2016 |
| CVE-2024-48886 | critical | 9 | 0% | 2025 |
| CVE-2021-44171 | critical | 9 | 2% | 2022 |
| CVE-2005-3057 | high | 10 | 3% | 2005 |
| CVE-2015-7361 | high | 9.3 | 3% | 2015 |
| CVE-2025-53844 | high | 8.8 | 1% | 2026 |
| CVE-2024-40591 | high | 8.8 | 1% | 2025 |
| CVE-2023-29181 | high | 8.8 | 1% | 2024 |
| CVE-2023-44250 | high | 8.8 | 1% | 2024 |
| CVE-2023-41678 | high | 8.8 | 1% | 2023 |
| CVE-2022-41330 | high | 8.8 | 1% | 2023 |
| CVE-2022-41335 | high | 8.8 | 1% | 2023 |
| CVE-2022-41334 | high | 8.8 | 1% | 2023 |
| CVE-2018-13371 | high | 8.8 | 1% | 2020 |
| CVE-2025-58325 | high | 8.2 | 0% | 2025 |
| CVE-2022-42476 | high | 8.2 | 0% | 2023 |
| CVE-2026-22153 | high | 8.1 | 1% | 2026 |
| CVE-2025-25249 | high | 8.1 | 1% | 2026 |
| CVE-2024-26009 | high | 8.1 | 1% | 2025 |
| CVE-2024-35279 | high | 8.1 | 1% | 2025 |
| CVE-2023-42790 | high | 8.1 | 1% | 2024 |
| CVE-2023-41841 | high | 8.1 | 1% | 2023 |
| CVE-2022-35843 | high | 8.1 | 1% | 2022 |
| CVE-2021-26109 | high | 8.1 | 2% | 2021 |
| CVE-2018-9185 | high | 8.1 | 2% | 2018 |
| CVE-2024-23112 | high | 8 | 1% | 2024 |
| CVE-2023-29183 | high | 8 | 1% | 2023 |
| CVE-2021-36173 | high | 8 | 1% | 2021 |
| CVE-2024-23110 | high | 7.8 | 0% | 2024 |
| CVE-2022-41327 | high | 7.8 | 0% | 2023 |
| CVE-2022-22299 | high | 7.8 | 0% | 2022 |
| CVE-2021-26110 | high | 7.8 | 0% | 2021 |
| CVE-2015-1452 | high | 7.8 | 2% | 2015 |
| CVE-2005-4570 | high | 7.8 | 2% | 2005 |
| CVE-2025-58413 | high | 7.5 | 0% | 2025 |
| CVE-2025-53843 | high | 7.5 | 1% | 2025 |
| CVE-2025-57740 | high | 7.5 | 1% | 2025 |
| CVE-2025-25253 | high | 7.5 | 0% | 2025 |
| CVE-2024-26013 | high | 7.5 | 0% | 2025 |
| CVE-2023-37930 | high | 7.5 | 0% | 2025 |
| CVE-2024-26006 | high | 7.5 | 1% | 2025 |
| CVE-2024-48884 | high | 7.5 | 14% | 2025 |
| CVE-2024-46670 | high | 7.5 | 1% | 2025 |
| CVE-2024-46668 | high | 7.5 | 1% | 2025 |
| CVE-2023-50176 | high | 7.5 | 1% | 2024 |
| CVE-2024-26010 | high | 7.5 | 1% | 2024 |
| CVE-2023-41677 | high | 7.5 | 1% | 2024 |
| CVE-2023-46717 | high | 7.5 | 1% | 2024 |
| CVE-2023-29180 | high | 7.5 | 3% | 2024 |
| CVE-2023-40718 | high | 7.5 | 0% | 2023 |
| CVE-2023-22640 | high | 7.5 | 1% | 2023 |
| CVE-2022-29055 | high | 7.5 | 1% | 2022 |
| CVE-2021-41024 | high | 7.5 | 2% | 2021 |
| CVE-2021-26108 | high | 7.5 | 1% | 2021 |
| CVE-2019-15705 | high | 7.5 | 1% | 2019 |
| CVE-2019-15703 | high | 7.5 | 1% | 2019 |
190 older / lower-severity CVEs not shown — see Fortinet FortiOS's full record.
Is my Fortinet FortiOS version affected?
The list above spans every release. To know whether your version is affected — and the minimum safe version to upgrade to — check it directly.
Check your Fortinet FortiOS version → · Monitor Fortinet FortiOS for new CVEs →
Fortinet FortiOS vulnerabilities — frequently asked
How many known vulnerabilities does Fortinet FortiOS have?
IsItPatched tracks 270 CVEs for Fortinet FortiOS, 18 of which are actively exploited (CISA KEV). 20 are critical-severity and 65 high-severity. These span every release line — what matters is whether the version you run is affected.
Does Fortinet FortiOS have any actively-exploited vulnerabilities?
Yes — 18 Fortinet FortiOS CVEs are in CISA's Known Exploited Vulnerabilities catalog, meaning they are confirmed exploited in the wild (12 linked to ransomware). Patch these as a priority.
What is the most severe Fortinet FortiOS vulnerability?
Among tracked issues, CVE-2026-24858 (CRITICAL, CVSS 9.8), which is actively exploited, ranks highest — a CWE-288 weakness.
Is Fortinet FortiOS safe to use?
It depends on the version. The latest supported Fortinet FortiOS release clears the known issues; older versions may still be affected. Check the exact version you run for a verdict.
CVE data aggregated from NVD, CISA KEV and EPSS (FIRST.org). Related: Fortinet FortiOS security status · Fortinet FortiOS end-of-life · actively-exploited CVEs. Always verify against Fortinet's advisories — see our disclaimer.