Resolved issues
This section lists issues that have been fixed in version 7.6.5. For inquiries about a particular bug, please contact Fortinet Customer Service & Support: https://support.fortinet.com
| Bug ID | Description |
|---|---|
| 1154085 | FortiWeb displayed a critical event log stating “DLDB is unauthorized” during FortiGuard update attempts, despite no functional impact. The log level was too severe for routine update failures, leading to unnecessary alerts. |
| 1154598 | SSO login intermittently failed on the first attempt but succeeded on the second without reauthentication. The initial failure was caused by incorrect handling of the SP certificate during the SAML handshake, leading to improper certificate validation and login rejection. |
| 1158769 | HA synchronization failed after adding a Let's Encrypt certificate with a wildcard domain. The certificate was not replicated to the secondary device, causing the primary to remain in INIT state. The issue was due to missing path handling logic specific to wildcard certificates. |
| 1159549 | Connections dropped unexpectedly due to a crash in the proxyd process caused by a memory access error during SSL context cleanup. |
| 1161319 | certd may stop checking for expiring certificates due to file descriptor leaks caused by unfreed BIO objects, leading to a silent failure until the process is restarted. |
| 1162252 | The logdisk size check failed during hardware diagnostics on FortiWeb 100F, despite logging functioning correctly. This was due to the 120GB logdisk not being recognized in the hardware specification. |
| 1162809 | Client scoring was skipped when the action was set to "Erase & No Alert" due to a logic error that tied Client Management scoring to attack log generation instead of detection. |
| 1163664 | Syslog failed to include packet data in traffic logs when disk-based traffic logging was disabled, despite packet logging being enabled in the syslog policy. This occurred because packet data generation was incorrectly tied to the disk logging setting. |
| 1165664 | A memory leak occurred in proxyd, resulting in sustained high memory usage even without traffic. The issue was traced to lingering pthreads that were not properly released. Liveness checks have been added to prevent resource accumulation. |
| 1167936 | Deleting a saved log filter did not immediately remove it from the visible list in the GUI. The filter only disappeared after navigating away from the page or refreshing the browser. |
| 1168412 | When an IP address was blocked via the Block IP List, the attack log incorrectly reported the OWASP category as "API5:2023 Broken Function Level Authorization" instead of "N/A". OWASP mapping for IP-based modules has been updated to reflect that these are unrelated to application-layer vulnerabilities. |
| 1169907 | SNMPv3 message authentication failed with USM timeliness errors, causing valid SNMP queries to be rejected. The issue was related to incorrect time handling in SNMPv3 processing. |
| 1170397 | FortiWeb in active-active high-volume mode continued sending gratuitous ARP for a VIP after it was removed from the traffic distribution configuration, due to stale VIP entries not being marked as inactive. |
| 1170695 | High memory usage could occur on the primary device due to a memory leak in the cookie security module when the action was set to alert. The issue occurred because a custom error page was mistakenly returned during alert handling, leading to unintended memory consumption. |
| 1170932 | FortiWeb could delay or fail to respond to HTTP HEAD requests when certain WAF signatures were enabled. The issue was caused by incorrect handling of HEAD responses with chunked transfer encoding in HTTP/1. |
| 1172951 | False positives for SQL Injection signatures could occur during file uploads when binary files such as PDFs were scanned by the Signature Detection engine. The issue was triggered by non-printable characters in the file content, leading to unintended matches. |
| 1173924 | Favorites were missing from the left navigation bar after upgrade due to the |
| 1177468 | FTP traffic fails after migrating from FortiWeb-100D to 100F. In FTP active mode, the client-to-server data connection does not bind to the expected VIP and server port, causing the session to hang after authentication. |
| 1177524 | In FortiWeb version 7.6.4, attempting to view a generated report from the GUI resulted in a “Requested URL not found” error. This occurred due to missing HTTP server configuration for the report file path. |
| 1178228 | Changes to signature exceptions may not apply immediately under high traffic. The update takes effect only after a delay or after HA failover. The issue is caused by configuration writer starvation under the current locking mechanism. |
| 1179686 | HTTP/2 requests to create a test file on the server failed when the client received no response code. This was caused by the flow control send window not being updated if the HTTP/2 SETTINGS frame was received late in the session. |
| 1180578 | An authentication bypass occurred when a user accessed a different SAML-protected URL using a |
| 1181409 | FortiWeb 7.6.3 fails to import XML scan files generated by FortiDAST. The same files import successfully on FortiWeb 7.4.9 and 8.0.0. |
| 1183181 | Real Browser Enforcement (RBE) could incorrectly block legitimate users when a custom rule is configured with the bot recognition method set to “Disabled.” In this state, FortiWeb does not send an RBE challenge but still expects a challenge response, causing valid browser sessions to fail and trigger period blocks. |
| 1183584 | CSRF token JavaScript might fail to load when client management cookies are present, preventing protected pages from displaying. The issue is caused by incorrect token linked list handling in the CSRF check module. |
| 1187261 | SNMP daemon experienced a memory leak when performing an |
Common Vulnerabilities and Exposures
For more information, visit https://www.fortiguard.com/psirt.
| Bug ID | Description |
|---|---|
| 1129747 | FortiWeb 7.6.5 is no longer vulnerable to the following CVE-Reference: CVE-2025-26466. |