CVE-2021-26090

Summary

A missing release of memory after its effective lifetime vulnerability in the Webmail of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6 may allow an unauthenticated remote attacker to exhaust available memory via specifically crafted login requests.

Affected Software

VendorProductVersion RangeStatus
FortinetFortinet FortiMailFortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6affected

Weaknesses

  • Denial of service

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References