Skip to main content
kcheng
Staff & Editor
kcheng
Staff & Editor
February 7, 2025

Technical Tip: Explanation of 'Branches to fix' version in Fortinet PSIRT Policy

  • February 7, 2025
  • 0 replies
  • 2216 views
Description This article describes the definition of 'Branches to fix' corresponding to the CVSS score.
Scope All FortiOS.
Solution

Fortinet PSIRT policy defines the 'Branches to fix' based on the CVSS score assigned to a specific vulnerability. The full PSIRT policy can be found via the following link: PSIRT Policy.

 

In the PSIRT policy, the branches to fix are highly dependent on the severity of the reported vulnerability:

 

image.png

 

As of January 2026, the FortiOS releases that have not reached the end of support date are as follows:

 

FortiOS End of Support Date
7.2 (Long Term Support) 2026-09-30 (Extended EOS: 2028-03-31)
7.4 2027-01-11
7.6 (Long Term Support 2029-01-25 (Extended EOS: 2030-07-29)

Reference: Fortinet Product Life Cycle.

 

Based on the information above, the categorization of the 'Branches to fix' is as follows:

 

Branches to fix Definition FortiOS Versions (as of Jan 2026)
All supported versions. All supported FortiOS versions that have not reached End of Support(EOS) or Extended End of Support (EEOS) for LTS versions. v7.2, v7.4, v7.6.
Current and prior versions. The latest major version (n) and prior major versions (n-1) among all FortiOS versions are currently under Engineering Support. v7.4, v7.6.
Fixed in the latest supported version. The latest major version among all FortiOS versions that are currently under Engineering Support. v7.6.
Fixed in the next major version. Future major version. >v7.6.
    Terms & ConditionsAccessibility statement