Rapid7

vulnerability

Fortinet FortiManager: CVE-2023-47542: FortiManager - Code Injection via Jinja Template

Severity
8
CVSS
(AV:N/AC:L/Au:M/C:C/I:C/A:C)
Published
Apr 9, 2024
Added
Jan 20, 2025
Modified
May 25, 2026

Description

An improper neutralization of special elements used in a template engine [CWE-1336] vulnerability in FortiManager provisioning templates may allow a local authenticated attacker with at least read-only permissions to execute arbitrary code via specially crafted templates.

Solution

fortinet-fortimanager-upgrade-latest
Title
Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.