{"cve":{"cve_id":"CVE-2021-26109","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.01823,"epss_percentile":0.75984,"epss_as_of":"2026-06-23","description":"An integer overflow or wraparound vulnerability in the memory allocator of SSLVPN in FortiOS before 7.0.1 may allow an unauthenticated attacker to corrupt control data on the heap via specifically crafted requests to SSLVPN, resulting in potentially arbitrary code execution.","published_at":"2021-12-08T12:22:19Z","last_modified_at":null,"cvss_v3_score":8.1,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C","cvss_v3_severity":"HIGH","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":"none","ssvc_automatable":false,"ssvc_technical_impact":"total","cwes":null,"nvd_references":["https://fortiguard.com/advisory/FG-IR-21-049"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:15:17.887649Z"},"effective_severity":"HIGH","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"H","value_label":"High"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"H","value_label":"High"},{"metric":"A","name":"Availability","value":"H","value_label":"High"},{"metric":"E","name":"E","value":"P","value_label":"Physical"},{"metric":"RL","name":"RL","value":"U","value_label":"Unchanged"},{"metric":"RC","name":"RC","value":"C","value_label":"Changed"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"fortinet","vendor_name":"fortinet","product_slug":"fortinet-fortios","product_name":"Fortinet FortiOS","version_start":"FortiOS before 7.0.1","version_start_inclusive":true,"version_end":"FortiOS before 7.0.1","version_end_inclusive":true,"cpe23_uri":"cve5:fortinet:fortinet-fortios:FortiOS before 7.0.1:FortiOS before 7.0.1"}],"exploit_refs":[],"news":[],"references":[{"url":"https://fortiguard.com/advisory/FG-IR-21-049","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2021-12-08T12:22:19Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-24T00:31:38.771468Z","label":"CVSS score revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-24T00:31:38.771468Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-24T00:31:38.771468Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-24T00:31:38.771468Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:31:38.771468Z","label":"CVSS score revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:31:38.771468Z","label":"CVSS score revised","source":"vulnrichment"}]}