{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-14T09:12:49.808","vulnerabilities":[{"cve":{"id":"CVE-2022-26116","sourceIdentifier":"psirt@fortinet.com","published":"2022-05-11T08:15:06.687","lastModified":"2024-11-21T06:53:27.763","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerability [CWE-89] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.2 and below may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted strings parameters."},{"lang":"es","value":"Múltiples neutralizaciones inapropiadas de elementos especiales usados en comandos SQL (\"Inyección SQL\") vulnerabilidad [CWE-89] en FortiNAC versiones: 8.3.7 y anteriores, 8.5.2 y anteriores, 8.5.4, 8.6.0, 8.6.5 y anteriores, 8.7.6 y anteriores, 8.8.11 y anteriores, 9.1.5 y anteriores, 9.2.2 y anteriores, pueden permitir a un atacante autenticado ejecutar código o comandos no autorizados por medio de parámetros de cadenas específicamente diseñados"}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*","versionEndIncluding":"8.3.7","matchCriteriaId":"7D16EFEF-BB42-4D65-9167-7FE64BE426A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*","versionStartIncluding":"8.5.0","versionEndIncluding":"8.5.2","matchCriteriaId":"9B25CF57-8771-436D-8B57-EE67D9F47570"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*","versionStartIncluding":"8.6.2","versionEndIncluding":"8.6.5","matchCriteriaId":"81E4D361-D753-4931-83A7-9085A1B74425"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*","versionStartIncluding":"8.7.0","versionEndIncluding":"8.7.6","matchCriteriaId":"3BD32B25-76B4-4D6E-BB5C-065070297058"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*","versionStartIncluding":"8.8.0","versionEndIncluding":"8.8.11","matchCriteriaId":"46929BE3-0396-4B8A-9889-9F6CA73FAD4E"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*","versionStartIncluding":"9.1.0","versionEndIncluding":"9.1.5","matchCriteriaId":"F8D997AC-2BA5-443F-8B71-D4FF637D02B8"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*","versionStartIncluding":"9.2.0","versionEndIncluding":"9.2.2","matchCriteriaId":"27091163-9FC2-4052-A441-24BD3E020D01"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortinac:8.5.4:*:*:*:*:*:*:*","matchCriteriaId":"374069A0-1A0D-45B7-B59D-DA3AA3855444"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortinac:8.6.0:*:*:*:*:*:*:*","matchCriteriaId":"C11F0FBF-985B-4053-9B16-AA7173BCCC21"}]}]}],"references":[{"url":"https://fortiguard.com/psirt/FG-IR-22-062","source":"psirt@fortinet.com","tags":["Vendor Advisory"]},{"url":"https://fortiguard.com/psirt/FG-IR-22-062","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}