fortinet forticlient
86 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-44278
>= 7.2.0 and < 7.4.3
A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.2, FortiClientWindows 7.2 all
2.3
LOW
CVE-2026-24018
>= 7.2.2 and < 7.2.13
A UNIX symbolic link (Symlink) following vulnerability in Fortinet FortiClientLinux 7.4.0 through 7.4.4, FortiClientLinux 7.2.2 th
7.8
HIGH
CVE-2025-62676
>= 7.0.0 and < 7.2.13
An Improper Link Resolution Before File Access ('Link Following') vulnerability [CWE-59] in Fortinet FortiClientWind
7.1
HIGH
CVE-2025-54660
>= 7.0.0 and < 7.2.11
An active debug code vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.10, Fo
5.5
MEDIUM
CVE-2025-47761
>= 7.2.0 and < 7.2.10
An Exposed IOCTL with Insufficient Access Control vulnerability [CWE-782] in Fortinet FortiClientWindows 7.4.0 throu
7.8
HIGH
CVE-2025-46373
>= 7.2.0 and < 7.2.9
A Heap-based Buffer Overflow vulnerability [CWE-122] in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClient
7.8
HIGH
CVE-2025-57741
>= 7.0.0 and < 7.2.12
An Incorrect Permission Assignment for Critical Resource vulnerability [CWE-732] in FortiClientMac 7.4.0 through 7.4.3, 7.2.0 thro
7.8
HIGH
CVE-2025-57716
>= 7.0.0 and < 7.2.12
An Uncontrolled Search Path Element vulnerability [CWE-427] in FortiClient Windows 7.4.0 through 7.4.3, 7.2.0 through 7.2.11, 7.0
6.7
MEDIUM
CVE-2025-46774
>= 7.0.0 and < 7.2.10
An Improper Verification of Cryptographic Signature vulnerability [CWE-347] in FortiClient MacOS installer version 7.4.2 and below
7.5
HIGH
CVE-2025-31365
>= 7.2.1 and < 7.2.9
An Improper Control of Generation of Code ('Code Injection') vulnerability [CWE-94] in FortiClientMac 7.4.0 through 7.4.3, 7.2.1 t
5.8
MEDIUM
CVE-2024-54019
>= 7.0.0 and < 7.2.7
An improper validation of certificate with host mismatch in Fortinet FortiClientWindows version 7.4.0, versions 7.2.0 through 7.2.6
4.8
MEDIUM
CVE-2025-25251
>= 7.0.0 and < 7.2.9
An Incorrect Authorization vulnerability [CWE-863] in FortiClient Mac 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.
7.8
HIGH
CVE-2025-24473
>= 7.2.0 and < 7.2.2
An exposure of sensitive system information to an unauthorized control sphere vulnerability in Fortinet FortiClientWindows 7.2.0 th
3.7
LOW
CVE-2024-35281
>= 7.0.0 and < 7.2.9
An improper isolation or compartmentalization vulnerability [CWE-653] in FortiClientMac version 7.4.2 and below, version 7.2.8 and
2.5
LOW
CVE-2023-45588
>= 7.0.6 and < 7.0.11
An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and bel
8.2
HIGH
CVE-2024-52968
>= 7.0.11 and < 7.0.13
An improper authentication in Fortinet FortiClientMac 7.0.11 through 7.2.4 allows attacker to gain improper access to MacOS via em
6.7
MEDIUM
CVE-2024-40586
>= 7.0.3 and < 7.0.14
An Improper Access Control vulnerability [CWE-284] in FortiClient Windows version 7.4.0, version 7.2.6 and below, version 7.0.13
6.7
MEDIUM
CVE-2024-50564
>= 6.4.0 and < 7.2.9
A use of hard-coded cryptographic key in Fortinet FortiClientWindows version 7.4.0, 7.2.x all versions, 7.0.x all versions, and 6.
3.3
LOW
CVE-2020-15934
>= 6.0.0 and < 6.2.8
An execution with unnecessary privileges vulnerability in the VCM engine of FortiClient for Linux versions 6.2.7 and below, versio
8.8
HIGH
CVE-2024-50570
>= 7.0.0 and < 7.2.8
A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiClientWindows 7.4.0 through 7.4.1, 7.2.0 through 7.2.
5.0
MEDIUM
CVE-2024-47574
>= 6.4.0 and < 7.0.13
An authentication bypass using an alternate path or channel in Fortinet FortiClientWindows version 7.4.0, versions 7.2.4 through 7.
7.8
HIGH
CVE-2024-40592
>= 6.4.0 and < 7.2.5
An improper verification of cryptographic signature vulnerability [CWE-347] in FortiClient MacOS version 7.4.0, version 7.2.4 and
7.5
HIGH
CVE-2024-36513
>= 6.4.0 and <= 6.4.10
A privilege context switching error vulnerability [CWE-270] in FortiClient Windows version 7.2.4 and below, version 7.0.12 and bel
8.2
HIGH
CVE-2024-36507
>= 7.0.0 and < 7.0.13
An untrusted search path in Fortinet FortiClientWindows versions 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0
7.3
HIGH
CVE-2024-35282
>= 6.0.0 and <= 7.2.5
A cleartext storage of sensitive information in memory vulnerability [CWE-316] affecting FortiClient VPN iOS 7.2 all versions, 7.0
4.2
MEDIUM
CVE-2024-31489
>= 7.0.0 and < 7.0.12
An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11, Fort
6.8
MEDIUM
CVE-2022-45856
>= 5.0 and < 7.2.1
An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 6.4 all versions, 7.0.0 through 7.0.7, FortiClien
4.8
MEDIUM
CVE-2024-3661
>= 6.4.0 and < 7.2.5
DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that r
7.6
HIGH
CVE-2024-31492
>= 7.0.6 and < 7.0.11
An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and bel
8.2
HIGH
CVE-2023-45590
>= 7.0.6 and < 7.0.11
An improper control of generation of code ('code injection') in Fortinet FortiClientLinux version 7.2.0, 7.0.6 through 7.0.10 and
9.6
CRITICAL
CVE-2022-40681
>= 6.0.0 and <= 6.0.10
An incorrect authorization in Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows
7.1
HIGH
CVE-2023-41840
all versions
An untrusted search path vulnerability in Fortinet FortiClientWindows 7.0.9 allows an attacker to perform a DLL Hijack attack via a
7.8
HIGH
CVE-2023-33304
>= 7.0.0 and <= 7.0.9
A use of hard-coded credentials vulnerability in Fortinet FortiClient Windows 7.0.0 - 7.0.9 and 7.2.0 - 7.2.1 allows an attacker t
4.4
MEDIUM
CVE-2023-37939
>= 6.2.0 and <= 6.2.9
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Windows 7.2.0, 7.0 all v
3.3
LOW
CVE-2022-33877
>= 6.4.0 and <= 6.4.8
An incorrect default permission [CWE-276] vulnerability in FortiClient (Windows) versions 7.0.0 through 7.0.6 and 6.4.0 through 6.
7.0
HIGH
CVE-2023-22635
>= 4.0.0 and <= 5.6.6
A download of code without Integrity check vulnerability [CWE-494] in FortiClientMac version 7.0.0 through 7.0.7, 6.4 all versions
7.3
HIGH
CVE-2022-43946
>= 6.0.0 and < 7.0.8
Multiple vulnerabilities including an incorrect permission assignment for critical resource [CWE-732] vulnerability and a time-of-
7.5
HIGH
CVE-2022-42470
>= 6.0.0 and <= 6.0.10
A relative path traversal vulnerability in Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 -
7.8
HIGH
CVE-2022-40682
>= 6.0.0 and <= 6.0.10
An incorrect authorization in Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows
7.8
HIGH
CVE-2022-33878
>= 7.0.0 and <= 7.0.5
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Mac versions 7.0.0 throug
2.2
LOW
CVE-2022-26113
>= 6.0.0 and <= 6.0.10
An execution with unnecessary privileges vulnerability [CWE-250] in FortiClientWindows 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6
7.7
HIGH
CVE-2021-41031
>= 6.2.0 and <= 6.2.9
A relative path traversal vulnerability [CWE-23] in FortiClient for Windows versions 7.0.2 and prior, 6.4.6 and prior and 6.2.9 an
7.8
HIGH
CVE-2021-43066
>= 6.0.0 and < 6.4.7
An external control of file name or path in Fortinet FortiClientWindows version 7.0.2 and below, version 6.4.6 and below, version 6
8.4
HIGH
CVE-2021-44167
>= 6.0.0 and <= 6.0.8
An incorrect permission assignment for critical resource vulnerability [CWE-732] in FortiClient for Linux version 6.0.8 and below,
6.8
MEDIUM
CVE-2021-22127
< 6.2.9
An improper input validation vulnerability in FortiClient for Linux 6.4.x before 6.4.3, FortiClient for Linux 6.2.x before 6.2.9 m
7.1
HIGH
CVE-2021-44169
>= 6.0.0 and <= 6.0.10
An improper initialization in Fortinet FortiClient (Windows) version 6.0.10 and below, version 6.2.9 and below, version 6.4.7 and b
8.2
HIGH
CVE-2021-43205
>= 6.2.0 and <= 6.2.4
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Linux version 7.0.2 and b
4.3
MEDIUM
CVE-2021-41028
>= 6.2.0 and <= 6.2.9
A combination of a use of hard-coded cryptographic key vulnerability [CWE-321] in FortiClientEMS 7.0.1 and below, 6.4.6 and below
8.2
HIGH
CVE-2021-36167
>= 6.4.0 and <= 6.4.6
An improper authorization vulnerability [CWE-285] in FortiClient Windows versions 7.0.0 and 6.4.6 and below and 6.2.8 and below ma
4.3
MEDIUM
CVE-2021-43204
>= 5.0.0 and <= 5.0.11
An improper control of a resource through its lifetime in Fortinet FortiClientWindows version 6.4.1 and 6.4.0, version 6.2.9 and be
4.4
MEDIUM
CVE-2021-32592
>= 6.0.0 and <= 6.0.9
An unsafe search path vulnerability in FortiClientWindows 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x and FortiClientEMS 7.0.0, 6.4.6 and
7.8
HIGH
CVE-2021-42754
>= 6.4.0 and <= 6.4.5
An improper control of generation of code vulnerability [CWE-94] in FortiClientMacOS versions 7.0.0 and below and 6.4.5 and below
3.2
LOW
CVE-2021-36183
>= 6.4.0 and <= 6.4.2
An improper authorization vulnerability [CWE-285] in FortiClient for Windows versions 7.0.1 and below and 6.4.2 and below may allo
7.4
HIGH
CVE-2021-26089
<= 6.4.3
An improper symlink following in FortiClient for Mac 6.4.3 and below may allow a non-privileged user to execute arbitrary privile
6.7
MEDIUM
CVE-2019-16150
< 6.4.0
Use of a hard-coded cryptographic key to encrypt security sensitive data in local storage and configuration in FortiClient for Win
5.5
MEDIUM
CVE-2020-9291
<= 6.0.9
An Insecure Temporary File vulnerability in FortiClient for Windows 6.2.1 and below may allow a local user to gain elevated privil
6.3
MEDIUM
CVE-2020-9290
<= 6.2.3
An Unsafe Search Path vulnerability in FortiClient for Windows online installer 6.2.3 and below may allow a local attacker with co
7.8
HIGH
CVE-2019-17658
>= 6.0.0 and <= 6.0.9
An unquoted service path vulnerability in the FortiClient FortiTray component of FortiClientWindows v6.2.2 and prior allows an atta
9.8
CRITICAL
CVE-2019-16155
<= 6.2.1
A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to overwrite sys
7.1
HIGH
CVE-2019-17652
<= 6.2.1
A stack buffer overflow vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to cause FortiC
6.5
MEDIUM
CVE-2019-16152
<= 6.2.1
A Denial of service (DoS) vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to cause For
6.5
MEDIUM
CVE-2019-15711
<= 6.2.1
A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to run system c
7.8
HIGH
CVE-2019-17650
<= 6.2.1
An Improper Neutralization of Special Elements used in a Command vulnerability in one of FortiClient for Mac OS root processes, ma
7.8
HIGH
CVE-2019-15704
>= 6.0.0 and <= 6.0.7
A clear text storage of sensitive information vulnerability in FortiClient for Mac may allow a local attacker to read sensitive in
5.5
MEDIUM
CVE-2018-9195
<= 6.2.1
Use of a hardcoded cryptographic key in the FortiGuard services communication protocol may allow a Man in the middle with knowledg
5.9
MEDIUM
CVE-2019-6692
<= 6.2.0
A malicious DLL preload vulnerability in Fortinet FortiClient for Windows 6.2.0 and below allows a privileged attacker to perform
7.8
HIGH
CVE-2018-9193
<= 6.0.4
A researcher has disclosed several vulnerabilities against FortiClient for Windows version 6.0.5 and below, version 5.6.6, the com
7.8
HIGH
CVE-2018-9191
<= 6.0.4
A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attackers to execute unauthorized code o
7.8
HIGH
CVE-2018-13368
<= 6.0.4
A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attacker to execute unauthorized code or
7.8
HIGH
CVE-2019-5589
< 6.0.6
An Unsafe Search Path vulnerability in FortiClient Online Installer (Windows version before 6.0.6) may allow an unauthenticated, r
7.8
HIGH
CVE-2019-5585
all versions
An improper access control vulnerability in FortiClientMac before 6.0.5 may allow an attacker to affect the application's performa
6.1
MEDIUM
CVE-2018-9190
<= 6.0.2
A null pointer dereference vulnerability in Fortinet FortiClientWindows 6.0.2 and earlier allows attacker to cause a denial of ser
5.5
MEDIUM
CVE-2017-17543
<= 5.6.0
Users' VPN authentication credentials are unsafely encrypted in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiCl
7.5
HIGH
CVE-2017-14184
< 5.6.0
An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.
8.8
HIGH
CVE-2017-7344
<= 5.4.3
A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows attacker to gain privilege via ex
8.1
HIGH
CVE-2016-8493
all versions
In FortiClientWindows 5.4.1 and 5.4.2, an attacker may escalate privilege via a FortiClientNamedPipe vulnerability.
8.8
HIGH
CVE-2015-7362
all versions
Fortinet FortiClient Linux SSLVPN before build 2313, when installed on Linux in a home directory that is world readable and execut
7.8
HIGH
CVE-2015-5737
<= 5.2.3
The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, (4) mdare64_52.sys, and (5) Fortishield.sys drivers in Fortinet Fo
CVE-2015-5736
<= 5.2.3
The Fortishield.sys driver in Fortinet FortiClient before 5.2.4 allows local users to execute arbitrary code with kernel privilege
CVE-2015-5735
<= 5.2.3
The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) mdare64_52.sys drivers in Fortinet FortiClient before 5.2.
CVE-2015-4077
<= 5.2.3
The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) mdare64_52.sys drivers in Fortinet FortiClient before 5.2.
CVE-2015-1570
all versions
The Endpoint Control protocol implementation in Fortinet FortiClient 5.2.3.091 for Android and 5.2.028 for iOS does not validate c
CVE-2015-1569
all versions
Fortinet FortiClient 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to spoo
CVE-2015-1453
<= 5.2.3.091
The qm class in Fortinet FortiClient 5.2.3.091 for Android uses a hardcoded encryption key of FoRtInEt!AnDrOiD, which makes it eas
CVE-2013-4669
<= 4.3.3.445
FortiClient before 4.3.5.472 on Windows, before 4.0.3.134 on Mac OS X, and before 4.0 on Android; FortiClient Lite before 4.3.4.46
CVE-2009-1262
all versions
Format string vulnerability in Fortinet FortiClient 3.0.614, and possibly earlier, allows local users to execute arbitrary code vi
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin