vulnerability

Fortinet FortiOS: Insufficient Verification of Data Authenticity (CVE-2022-26122)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:N/I:P/A:N)	Nov 2, 2022	Nov 7, 2022	Aug 11, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

Nov 2, 2022

Added

Nov 7, 2022

Modified

Aug 11, 2025

Description

An insufficient verification of data authenticity vulnerability [CWE-345] in FortiClient, FortiMail and FortiOS AV engines version 6.2.168 and below and version 6.4.274 and below may allow an attacker to bypass the AV engine via manipulating MIME attachment with junk and pad characters in base64.

Solution

fortios-upgrade-latest

References

CVE-2022-26122
https://attackerkb.com/topics/CVE-2022-26122
CWE-345
URL-https://fortiguard.com/psirt/FG-IR-22-074

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today