CVE Catalog

CVE-2026-44277

Critical
Published: Translated: NVD NIST

Summary

An improper access control vulnerability exists in Fortinet FortiAuthenticator versions 8.0.2, 8.0.0, 6.6.0 through 6.6.8, and 6.5.0 through 6.5.6. This may allow an attacker to execute unauthorized code or commands via crafted requests.

Risk Assessment

This vulnerability poses a risk of unauthorized actions being performed in the system, potentially leading to serious data security breaches for the organization.

Recommendation

It is recommended to update FortiAuthenticator to the latest version to mitigate this vulnerability and implement additional security measures to monitor and restrict access.

Original NVD description (English source)

A improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through 6.6.8, FortiAuthenticator 6.5.0 through 6.5.6 may allow attacker to execute unauthorized code or commands via crafted requests.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS