No. 발생일 취약점 이름 심각도 CVE 코드 영향받는 제품 1 2026-02-06 SQLi in administrative interface Critical CVE-2026-21643 FortiClientEMS (버전 7.4.4) 2 2026-02-10 XSS via back button High CVE-2025-52436 FortiSandbox 3 2026-02-10 SSL-VPN Symlink Persistence Patch Bypass Medium CVE-2025-68686 FortiOS 7.6, 7.4, 7.2, 7.0, 6.4 (SSL-VPN 활성화 버전) 4 2026-02-10 Request smuggling attack in FortiOS GUI Medium CVE-2025-55018 FortiOS (7.6, 7.4, 7.2, 7.0, 6.4) 5 2026-02-10 Missing authorization on CSV user import Medium CVE-2026-21743 FortiAuthenticator 6.3, 6.4, 6.5, 6.6 6 2026-02-10 LDAP authentication bypass in Agentless VPN and FSSO High CVE-2026-22153 FortiOS 7.6.0 ~ 7.6.4 7 2026-02-10 Format String Vulnerability in CAPWAP fast-failover mode Medium CVE-2025-64157 FortiOS 8 2026-02-10 Firewall policy bypass in FSSO Terminal Services Agent Low CVE-2025-62439 FortiOS FSSO Terminal Services Agent (7.0, 7.2, 7.4, 7.6) 9 2026-02-10 Arbitrary XML file write in FCConfig Medium CVE-2025-62676 FortiClient Windows 7.0, 7.2, 7.4   #1 SQLi in administrative interface • 발생일: 2026-02-06 • CVE: CVE-2026-21643 • 심각도: Critical ---------------------------------------- ? 영향받는 제품 (Affected): FortiClientEMS (버전 7.4.4) ? 해결된 버전 (Solution): 7.4.5 or above ?️ 임시 조치 (Workaround): N/A (업그레이드 권고) ---------------------------------------- ? 내용 요약: FortiClientEMS의 관리 인터페이스(GUI)에서 SQL Injection(CWE-89) 취약점이 발견되었습니다. 이 취약점을 이용하면 인증되지 않은 공격자가 특별히 제작된 HTTP 요청을 통해 무단 코드 실행 또는 명령을 실행할 수 있습니다. 해당 취약점은 CVSSv3 점수 9.1점의 심각(Critical) 수준입니다.  ? 원문 링크: https://fortiguard.fortinet.com/psirt/FG-IR-25-1142 #2 XSS via back button • 발생일: 2026-02-10 • CVE: CVE-2025-52436 • 심각도: High ---------------------------------------- ? 영향받는 제품 (Affected): FortiSandbox ? 해결된 버전 (Solution): 5.0.2 (PaaS 5.0.5), 4.4.8 및 상위 버전 ?️ 임시 조치 (Workaround): 현재 알려진 임시 조치 없음 (해결 버전으로 업그레이드 권고) ---------------------------------------- ? 내용 요약: FortiSandbox의 웹 페이지 생성 과정에서 발생하는 교차 ...

2026.02.09 update ● Product / Platform Lifecycle Hardware 지원 OS End Of Sale End Of Maintenance  (+24 Months) End Of Support  (+12 Months) After End Of Support  (기간은 모델별 다름) 2~3 series 21.x / 22.x / 23.x / 24.x / 25.3.8 2012-09-30 2014-09-30 2016-12-30 종료 4416 26.x / 27.x / 28.x / 29.x / 30.x 2015-07-31 2017-07-31 2018-07-31 2021-07-31 / 종료 4208 32.x / 33.x / 34.x 계획없음 4408 26.x / 27.x / 28.x / 29.x / 30.x 2019-01-31 2021-01-31 2022-01-31 2023-01-31 / 종료 4024 26.x / 27.x / 28.x / 29.x / 30.x / 31.x / 32.x 2021-03-10 2023-03-10 2024-03-10 2025-03-31 / 종료 5224 26.x / 27.x / 28.x / 29.x / 30.x / 31.x / 32.x 2021-03-10 2023-03-10 2024-03-10 2025-03-31 / 종료 5208 29.x / 30.x / 31.x / 32.x / 33.x / 34.x 계획없음 4028/5424/5820 32.x / 33.x / 34.x 계획없음 5412 26.x / 27.x / 28.x / 29.x / 30.x 2021-10-31 2023-10-31 2024-10-31 종료 6020/6420 29.5.x / 30.x / 31.x / 32.x 2023-05-22 2025-05-22 2026-05-22 미정 6024 30.5.x / 31.x / 32.x / 33.x / 34.x 2026-05-03 2028-05-03 2029-05-03 미정 6300 34.x 계획없음 7612/7220 32.x / 33.x / 34.x  2024-11-28 2026-11-28 2027-11-28 미정 7100/7700 33.5.x / 34.x 계획없음 8420 30.x / 31.x / 32.x 2023-05-22 2025-05-22 2026-05-22 미정 9800 32.x / 33.x / 34.x  계획없음 # After End of Support - Radware 의 수리부품 재고 소진완료시 까지 하드웨어 RMA 추가 지원 기간 - AEOS 지원 유무는 해당 모델의 EOS 1달전 정도의 시점에 결정되며 1년 단위로 추가 지원 갱신 결정

Content Description When upgrading Alteon images through WBM or Cyber Controller, the upload sometimes fails and returns the following error message: 406 Not Acceptable : ProcessMultipart: internal header too long Affected Versions 33.0.18.0, 33.5.14.0, 34.0.10.0, 34.5.5.0 and later Solution Upgrade to one of the versions mentioned in ETA for fix. Workaround Upgrade from the CLI. ETA for fix  The fix is scheduled to be available in the following releases: 33.0.20.0 33.5.16.0 34.0.12.0 34.5.7.0 35.0.0.0

Content Description The reboots are related to POST requests with an "Expect: 100-continue"  header combined with enabled traffic events, where the server sends a response after the connection is closed due to a bug. Affected Versions 34.5.5.0 34.0.10.0 33.5.14.0 33.0.18.0 Bug ID AL-153133 AL-153128 Workaround Temporarily disable traffic events until you upgrade to the Q4 2025 releases (see Fixed versions). After upgrade, traffic events can be re-enabled. Note: If possible, avoid upgrading to the affected versions. Fixed Versions  The fix for this issue is in the following versions: 34.5.6.0 34.0.11.0 33.5.15.0 33.0.19.0

Content Description After upgrading Alteon to version 33.0.19.0 on all Alteon platforms: Drop-down suggestion lists are not populated or only partially populated when viewing or editing existing configuration objects (such as services, real servers, or other existing entries). Some WBM pages or actions related to existing configuration objects may return an HTTP 404 Not Found error. The behavior is typically observed when editing or managing an existing configuration rather than when creating new objects. In many cases, creating a new service still displays the expected drop-down values, while editing an existing service fails to display the full list or leads to 404 errors. The data plane and configuration itself continue to operate; the issue is limited to the WBM. This is a software defect specific to the Alteon version 33.0.19.0 WBM. Solution To avoid unintentional downloads of version 33.0.19.0, it was removed from the Radware portal. Upgrade Alteon to version 33.0.19.10 or a later release that contains the fix for this issue. Workaround Use the CLI to manage and modify existing configuration objects where feasible. Use the WBM primarily for creating new objects that are not impacted by the defect. ETA for fix  The fix for this WebUI issue is scheduled to be delivered in Alteon version 33.0.19.10. ETA for availability of version 33.0.19.10: January 11, 2026

Content Description After an interface and a gateway that is reachable via this interface are disabled and then enabled, the gateway becomes unreachable and its configuration is missing from the namespace. Affected Versions 33.0.19.0 33.5.15.0 34.0.11.0 34.5.6.0 Bug ID AL-154085 Solution Upgrade to one of the versions listed in ETA for Fix. Workaround Restart the VLAN of the interface. ETA for fix  The fix is scheduled to be available in the following releases: 33.0.20.0 33.5.16.0 34.0.12.0 34.5.7.0 Professional Services – Important Note  If this Tech Alert affects your product, Radware’s Professional Services (PS) team is available to assist you with configuration and upgrade of the Radware’s solution as needed. Customers who already purchased a PS package are invited to make use of the PS package for this purpose. For Radware PS assistance please send an email to Professional Services or contact your account manager.