An improper handling of malformed request vulnerability [CWE-228] in FortiADC may allow a remote attacker without privileges to bypass some Web Application Firewall (WAF) protection such as the SQL Injection and XSS filters via a malformed HTTP request.