Every CVE whose affected-product data names Fortinet Forticlient, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (85)
CVE-2019-17658 — CVSS 9.8 (critical): An unquoted service path vulnerability in the FortiClient FortiTray component of FortiClientWindows v6.2.2 and prior allow an attacker to…
CVE-2023-45590 — CVSS 9.6 (critical): An improper control of generation of code ('code injection') in Fortinet FortiClientLinux version 7.2.0, 7.0.6 through 7.0.10 and 7.0.3…
CVE-2017-14184 — CVSS 8.8 (high): An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and…
CVE-2020-15934 — CVSS 8.8 (high): An execution with unnecessary privileges vulnerability in the VCM engine of FortiClient for Linux versions 6.2.7 and below, version 6.4.0…
CVE-2016-8493 — CVSS 8.8 (high): In FortiClientWindows 5.4.1 and 5.4.2, an attacker may escalate privilege via a FortiClientNamedPipe vulnerability.
CVE-2021-43066 — CVSS 8.4 (high): A external control of file name or path in Fortinet FortiClientWindows version 7.0.2 and below, version 6.4.6 and below, version 6.2.9 and…
CVE-2023-45588 — CVSS 8.2 (high): An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below…
CVE-2021-41028 — CVSS 8.2 (high): A combination of a use of hard-coded cryptographic key vulnerability [CWE-321] in FortiClientEMS 7.0.1 and below, 6.4.6 and below and an…
CVE-2021-44169 — CVSS 8.2 (high): A improper initialization in Fortinet FortiClient (Windows) version 6.0.10 and below, version 6.2.9 and below, version 6.4.7 and below…
CVE-2024-36513 — CVSS 8.2 (high): A privilege context switching error vulnerability [CWE-270] in FortiClient Windows version 7.2.4 and below, version 7.0.12 and below, 6.4…
CVE-2024-31492 — CVSS 8.2 (high): An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below…
CVE-2017-7344 — CVSS 8.1 (high): A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows attacker to gain privilege via exploiting…
CVE-2019-15711 — CVSS 7.8 (high): A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow an user with low privilege to run system commands…
CVE-2015-7362 — CVSS 7.8 (high): Fortinet FortiClient Linux SSLVPN before build 2313, when installed on Linux in a home directory that is world readable and executable…
CVE-2018-13368 — CVSS 7.8 (high): A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attacker to execute unauthorized code or commands…
CVE-2018-9191 — CVSS 7.8 (high): A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attackers to execute unauthorized code or…
CVE-2018-9193 — CVSS 7.8 (high): A researcher has disclosed several vulnerabilities against FortiClient for Windows version 6.0.5 and below, version 5.6.6, the combination…
CVE-2019-17650 — CVSS 7.8 (high): An Improper Neutralization of Special Elements used in a Command vulnerability in one of FortiClient for Mac OS root processes, may allow a…
CVE-2019-5589 — CVSS 7.8 (high): An Unsafe Search Path vulnerability in FortiClient Online Installer (Windows version before 6.0.6) may allow an unauthenticated, remote…
CVE-2019-6692 — CVSS 7.8 (high): A malicious DLL preload vulnerability in Fortinet FortiClient for Windows 6.2.0 and below allows a privileged attacker to perform arbitrary…
CVE-2020-9290 — CVSS 7.8 (high): An Unsafe Search Path vulnerability in FortiClient for Windows online installer 6.2.3 and below may allow a local attacker with control…
CVE-2021-32592 — CVSS 7.8 (high): An unsafe search path vulnerability in FortiClientWindows 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x and FortiClientEMS 7.0.0, 6.4.6 and below…
CVE-2021-41031 — CVSS 7.8 (high): A relative path traversal vulnerability [CWE-23] in FortiClient for Windows versions 7.0.2 and prior, 6.4.6 and prior and 6.2.9 and below…
CVE-2022-40682 — CVSS 7.8 (high): A incorrect authorization in Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows an…
CVE-2022-42470 — CVSS 7.8 (high): A relative path traversal vulnerability in Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10…
CVE-2023-41840 — CVSS 7.8 (high): A untrusted search path vulnerability in Fortinet FortiClientWindows 7.0.9 allows an attacker to perform a DLL Hijack attack via a…
CVE-2024-47574 — CVSS 7.8 (high): A authentication bypass using an alternate path or channel in Fortinet FortiClientWindows version 7.4.0, versions 7.2.4 through 7.2.0…
CVE-2025-25251 — CVSS 7.8 (high): An Incorrect Authorization vulnerability [CWE-863] in FortiClient Mac 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 may…
CVE-2025-46373 — CVSS 7.8 (high): A Heap-based Buffer Overflow vulnerability [CWE-122] vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows…
CVE-2025-47761 — CVSS 7.8 (high): An Exposed IOCTL with Insufficient Access Control vulnerability [CWE-782] vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3…
CVE-2025-57741 — CVSS 7.8 (high): An Incorrect Permission Assignment for Critical Resource vulnerability [CWE-732] in FortiClientMac 7.4.0 through 7.4.3, 7.2.0 through…
CVE-2026-24018 — CVSS 7.8 (high): A UNIX symbolic link (Symlink) following vulnerability in Fortinet FortiClientLinux 7.4.0 through 7.4.4, FortiClientLinux 7.2.2 through…
CVE-2022-26113 — CVSS 7.7 (high): An execution with unnecessary privileges vulnerability [CWE-250] in FortiClientWindows 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0…
CVE-2024-3661 — CVSS 7.6 (high): DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on…
CVE-2017-17543 — CVSS 7.5 (high): Users' VPN authentication credentials are unsafely encrypted in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for…
CVE-2024-40592 — CVSS 7.5 (high): An improper verification of cryptographic signature vulnerability [CWE-347] in FortiClient MacOS version 7.4.0, version 7.2.4 and below…
CVE-2022-43946 — CVSS 7.5 (high): Multiple vulnerabilities including an incorrect permission assignment for critical resource [CWE-732] vulnerability and a time-of-check…
CVE-2025-46774 — CVSS 7.5 (high): An Improper Verification of Cryptographic Signature vulnerability [CWE-347] in FortiClient MacOS installer version 7.4.2 and below, version…
CVE-2021-36183 — CVSS 7.4 (high): An improper authorization vulnerability [CWE-285] in FortiClient for Windows versions 7.0.1 and below and 6.4.2 and below may allow a local…
CVE-2024-36507 — CVSS 7.3 (high): A untrusted search path in Fortinet FortiClientWindows versions 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0 allows…
CVE-2023-22635 — CVSS 7.3 (high): A download of code without Integrity check vulnerability [CWE-494] in FortiClientMac version 7.0.0 through 7.0.7, 6.4 all versions, 6.2 all…
CVE-2015-5735 — CVSS 7.2 (high): The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) mdare64_52.sys drivers in Fortinet FortiClient before 5.2.4 allow…
CVE-2015-5736 — CVSS 7.2 (high): The Fortishield.sys driver in Fortinet FortiClient before 5.2.4 allows local users to execute arbitrary code with kernel privileges by…
CVE-2015-5737 — CVSS 7.2 (high): The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, (4) mdare64_52.sys, and (5) Fortishield.sys drivers in Fortinet FortiClient…
CVE-2009-1262 — CVSS 7.2 (high): Format string vulnerability in Fortinet FortiClient 3.0.614, and possibly earlier, allows local users to execute arbitrary code via format…
CVE-2021-22127 — CVSS 7.1 (high): An improper input validation vulnerability in FortiClient for Linux 6.4.x before 6.4.3, FortiClient for Linux 6.2.x before 6.2.9 may allow…
CVE-2025-62676 — CVSS 7.1 (high): An Improper Link Resolution Before File Access ('Link Following') vulnerability [CWE-59] vulnerability in Fortinet FortiClientWindows 7.4.0…
CVE-2019-16155 — CVSS 7.1 (high): A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to overwrite system files…
CVE-2022-40681 — CVSS 7.1 (high): A incorrect authorization in Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows an…
CVE-2022-33877 — CVSS 7.0 (high): An incorrect default permission [CWE-276] vulnerability in FortiClient (Windows) versions 7.0.0 through 7.0.6 and 6.4.0 through 6.4.8 and…
CVE-2021-44167 — CVSS 6.8 (medium): An incorrect permission assignment for critical resource vulnerability [CWE-732] in FortiClient for Linux version 6.0.8 and below, 6.2.9…
CVE-2024-31489 — CVSS 6.8 (medium): AAn improper certificate validation vulnerability [CWE-295] in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11…
CVE-2025-57716 — CVSS 6.7 (medium): An Uncontrolled Search Path Element vulnerability [CWE-427] in FortiClient Windows 7.4.0 through 7.4.3, 7.2.0 through 7.2.11, 7.0 all…
CVE-2024-40586 — CVSS 6.7 (medium): An Improper Access Control vulnerability [CWE-284] in FortiClient Windows version 7.4.0, version 7.2.6 and below, version 7.0.13 and below…
CVE-2024-52968 — CVSS 6.7 (medium): An improper authentication in Fortinet FortiClientMac 7.0.11 through 7.2.4 allows attacker to gain improper access to MacOS via empty…
CVE-2021-26089 — CVSS 6.7 (medium): An improper symlink following in FortiClient for Mac 6.4.3 and below may allow an non-privileged user to execute arbitrary privileged shell…
CVE-2019-16152 — CVSS 6.5 (medium): A Denial of service (DoS) vulnerability in FortiClient for Linux 6.2.1 and below may allow an user with low privilege to cause FortiClient…
CVE-2019-17652 — CVSS 6.5 (medium): A stack buffer overflow vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to cause FortiClient…
CVE-2020-9291 — CVSS 6.3 (medium): An Insecure Temporary File vulnerability in FortiClient for Windows 6.2.1 and below may allow a local user to gain elevated privileges via…
CVE-2018-9195 — CVSS 5.9 (medium): Use of a hardcoded cryptographic key in the FortiGuard services communication protocol may allow a Man in the middle with knowledge of the…
CVE-2025-31365 — CVSS 5.8 (medium): An Improper Control of Generation of Code ('Code Injection') vulnerability [CWE-94] in FortiClientMac 7.4.0 through 7.4.3, 7.2.1 through…
CVE-2019-15704 — CVSS 5.5 (medium): A clear text storage of sensitive information vulnerability in FortiClient for Mac may allow a local attacker to read sensitive information…
CVE-2025-54660 — CVSS 5.5 (medium): An active debug code vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.10…
CVE-2019-16150 — CVSS 5.5 (medium): Use of a hard-coded cryptographic key to encrypt security sensitive data in local storage and configuration in FortiClient for Windows…
CVE-2018-9190 — CVSS 5.5 (medium): A null pointer dereference vulnerability in Fortinet FortiClientWindows 6.0.2 and earlier allows attacker to cause a denial of service via…
CVE-2013-4669 — CVSS 5.4 (medium): FortiClient before 4.3.5.472 on Windows, before 4.0.3.134 on Mac OS X, and before 4.0 on Android; FortiClient Lite before 4.3.4.461 on…
CVE-2015-1453 — CVSS 5.0 (medium): The qm class in Fortinet FortiClient 5.2.3.091 for Android uses a hardcoded encryption key of FoRtInEt!AnDrOiD, which makes it easier for…
CVE-2024-50570 — CVSS 5.0 (medium): A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiClientWindows 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0…
CVE-2024-54019 — CVSS 4.8 (medium): A improper validation of certificate with host mismatch in Fortinet FortiClientWindows version 7.4.0, versions 7.2.0 through 7.2.6, and 7.0…
CVE-2022-45856 — CVSS 4.8 (medium): An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 6.4 all versions, 7.0.0 through 7.0.7, FortiClientMac 6.4…
CVE-2023-33304 — CVSS 4.4 (medium): A use of hard-coded credentials vulnerability in Fortinet FortiClient Windows 7.0.0 - 7.0.9 and 7.2.0 - 7.2.1 allows an attacker to bypass…
CVE-2021-43204 — CVSS 4.4 (medium): A improper control of a resource through its lifetime in Fortinet FortiClientWindows version 6.4.1 and 6.4.0, version 6.2.9 and below…
CVE-2021-36167 — CVSS 4.3 (medium): An improper authorization vulnerabiltiy [CWE-285] in FortiClient Windows versions 7.0.0 and 6.4.6 and below and 6.2.8 and below may allow…
CVE-2015-1569 — CVSS 4.3 (medium): Fortinet FortiClient 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to spoof SSL VPN…
CVE-2015-1570 — CVSS 4.3 (medium): The Endpoint Control protocol implementation in Fortinet FortiClient 5.2.3.091 for Android and 5.2.028 for iOS does not validate…
CVE-2021-43205 — CVSS 4.3 (medium): An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Linux version 7.0.2 and below…
CVE-2024-35282 — CVSS 4.2 (medium): A cleartext storage of sensitive information in memory vulnerability [CWE-316] affecting FortiClient VPN iOS 7.2 all versions, 7.0 all…
CVE-2025-24473 — CVSS 3.7 (low): A exposure of sensitive system information to an unauthorized control sphere vulnerability in Fortinet FortiClientWindows 7.2.0 through…
CVE-2024-50564 — CVSS 3.3 (low): A use of hard-coded cryptographic key in Fortinet FortiClientWindows version 7.4.0, 7.2.x all versions, 7.0.x all versions, and 6.4.x all…
CVE-2023-37939 — CVSS 3.3 (low): An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Windows 7.2.0, 7.0 all versions…
CVE-2021-42754 — CVSS 3.2 (low): An improper control of generation of code vulnerability [CWE-94] in FortiClientMacOS versions 7.0.0 and below and 6.4.5 and below may allow…
CVE-2024-35281 — CVSS 2.5 (low): An improper isolation or compartmentalization vulnerability [CWE-653] in FortiClientMac version 7.4.2 and below, version 7.2.8 and below…
CVE-2026-44278 — CVSS 2.3 (low): A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.2, FortiClientWindows 7.2 all versions…
CVE-2022-33878 — CVSS 2.2 (low): An exposure of sensitive information to an unauthorized actor vulnerabiltiy [CWE-200] in FortiClient for Mac versions 7.0.0 through 7.0.5…
CVE-2015-4077 — CVSS 2.1 (low): The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) mdare64_52.sys drivers in Fortinet FortiClient before 5.2.4 allow…