Fortinet FortiOS ↗
Summary iPlain-English security verdict for Fortinet FortiOS, generated from its current health score, actively-exploited vulnerabilities, and latest supported version.
Fortinet FortiOS currently scores 0/100 — critical, with active exploitation. 18 of its known vulnerabilities are being actively exploited in the wild (CISA KEV), including CVE-2018-13379. Upgrade immediately and review your exposure to the actively-exploited CVEs below.
Disclosure trend iNew CVEs published for Fortinet FortiOS each year (NVD). A higher bar means more disclosures that year — more scrutiny, not necessarily less safe.
12 of its known vulnerabilities are linked to ransomware campaigns (CISA KEV).
Patch priority — what to act on iThe issues to fix first — actively exploited (CISA KEV) first, then by exploitation probability (EPSS), then severity. Each row's "→ fixed in" is the earliest version that patches it; "see advisory" means no fixed version is published.
Most urgent first — actively exploited, then likeliest to be exploited.
CVE-2018-13379 CRITICAL exploited ransomware Path traversal EPSS 100% → fixed in 6.0.5 CVE-2022-40684 CRITICAL exploited ransomware Improper authentication EPSS 100% → fixed in 7.2.2 CVE-2022-42475 CRITICAL exploited ransomware CWE-197 EPSS 99% → fixed in 7.2.3 CVE-2024-55591 CRITICAL exploited ransomware CWE-288 EPSS 98% → fixed in 7.0.17 CVE-2023-27997 CRITICAL exploited ransomware CWE-122 EPSS 86% → see advisory CVE-2018-13382 CRITICAL exploited ransomware Incorrect authorization EPSS 82% → fixed in 6.0.5 CVE-2024-21762 CRITICAL exploited ransomware Out-of-bounds write EPSS 81% → fixed in 7.4.3 CVE-2025-59718 CRITICAL exploited CWE-347 EPSS 63% → fixed in 7.6.4 CVE-2024-23113 CRITICAL exploited CWE-134 EPSS 62% → see advisory CVE-2026-24858 CRITICAL exploited CWE-288 EPSS 55% → fixed in 7.6.6 CVE-2020-12812 CRITICAL exploited ransomware CWE-178 EPSS 49% → fixed in 6.2.4 CVE-2018-13374 MEDIUM exploited ransomware Incorrect permission assignment EPSS 38% → fixed in 6.0.3See all 270 known Fortinet FortiOS CVEs & security history →
How to patch Fortinet FortiOS — step-by-step to the latest secure version →
Get alerted about Fortinet FortiOS
Be emailed the moment Fortinet FortiOS gets a newly exploited vulnerability (CISA KEV) or a release reaches end of life. Free · double opt-in · unsubscribe anytime.
We email only on real events for Fortinet FortiOS — no marketing, no sharing, and we never know what you run. Track your whole stack →
Versions & lifecycle iWhen each release line stops receiving security patches (end-of-life). After EOL there are no more fixes — plan upgrades before these dates.
How long each Fortinet FortiOS release line is supported — and when it sunsets.
Full Fortinet FortiOS end-of-life dates & support timeline →
Frequently asked
Is Fortinet FortiOS safe and patched?
Fortinet FortiOS currently scores 0/100 — critical, with active exploitation. 18 of its known vulnerabilities are being actively exploited in the wild (CISA KEV), including CVE-2018-13379. Upgrade immediately and review your exposure to the actively-exploited CVEs below.
What should I do about Fortinet FortiOS now?
Review the patch-priority list, apply the available fixes (or move to the latest release), and confirm against Fortinet's official advisory. Some issues are under active exploitation, so treat this as urgent.
Which versions of Fortinet FortiOS are still receiving security updates?
Supported Fortinet FortiOS release lines: 8.0, 7.6, 7.4, 7.2. End-of-life releases no longer receive security patches.
lifecycle unknown — needs latest supported version
Informational only, from public data (NVD · CISA KEV · EPSS · endoflife.date), and can lag or miss vendor-specific fixes. Always confirm against Fortinet's official advisory before you patch or upgrade — Fortinet FortiOS official site ↗