CVE-2026-44277
CriticalSummary
An improper access control vulnerability exists in Fortinet FortiAuthenticator versions 8.0.2, 8.0.0, 6.6.0 through 6.6.8, and 6.5.0 through 6.5.6. This may allow an attacker to execute unauthorized code or commands via crafted requests.
Risk Assessment
This vulnerability poses a risk of unauthorized actions being performed in the system, potentially leading to serious data security breaches for the organization.
Recommendation
It is recommended to update FortiAuthenticator to the latest version to mitigate this vulnerability and implement additional security measures to monitor and restrict access.
Original NVD description (English source)
A improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through 6.6.8, FortiAuthenticator 6.5.0 through 6.5.6 may allow attacker to execute unauthorized code or commands via crafted requests.

