CRITICALCVE-2026-44277Published 2026-05-12Modified 2026-05-28CNA fortinet

CVE-2026-44277: A improper access control vulnerability in Fortinet FortiAuthenticator 8

A improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through 6.6.8, FortiAuthenticator 6.5.0 through 6.5.6 may allow attacker to execute unauthorized code or commands via crafted requests.

CVSS v3.1: 9.1
Severity: CRITICAL
Fixed in: —
Affected Products: 1

Affected packages

Fortinet / FortiAuthenticator
8.0.2 · 8.0.0 · ≤ 6.6.8 · ≤ 6.5.6 · ≤ 6.4.10

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

References

https://fortiguard.fortinet.com/psirt/FG-IR-26-128

Metrics