A critical path traversal vulnerability in Fortinet FortiWeb is being actively exploited in the wild, allowing unauthenticated attackers to create administrative accounts on vulnerable devices. Organizations using FortiWeb versions 8.0.1 and earlier must patch immediately and review their systems for signs of compromise.