CVE Catalog

CVE-2026-44279

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.10%

1th percentile - higher than 1% of all known CVEs

Summary

An improper export of Android application components vulnerability in Fortinet FortiTokenAndroid 6.2 all versions, FortiTokenAndroid 6.1 all versions, FortiTokenAndroid 5.2 all versions may allow attacker to disclose information via an exported Content Provider URI.

Risk Assessment

The risk involves potential leakage of sensitive authentication or configuration data stored in the application, which could lead to unauthorized access to Fortinet systems.

Recommendation

It is recommended to immediately update FortiTokenAndroid to the latest available version and restrict the export of application components by properly configuring the manifest file.

Original NVD description (English source)

An improper export of android application components vulnerability in Fortinet FortiTokenAndroid 6.2 all versions, FortiTokenAndroid 6.1 all versions, FortiTokenAndroid 5.2 all versions may allow attacker to disclose information via an exported Content Provider URI.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS