CVE-2026-44277

Summary

A improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through 6.6.8, FortiAuthenticator 6.5.0 through 6.5.6 may allow attacker to execute unauthorized code or commands via crafted requests.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiAuthenticator8.0.2affected
FortinetFortiAuthenticator8.0.0affected
FortinetFortiAuthenticator6.6.0 <= 6.6.8affected
FortinetFortiAuthenticator6.5.0 <= 6.5.6affected
FortinetFortiAuthenticator6.4.0 <= 6.4.10affected

Weaknesses

  • CWE-284: Execute unauthorized code or commands

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References