CVE Catalog

CVE-2026-49938

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.03%

10th percentile - higher than 10% of all known CVEs

Summary

An improper access control vulnerability exists in Fortinet FortiPortal versions 7.4.0 through 7.4.7, 7.2.0 through 7.2.8, and all versions of 7.0. An attacker may exploit this vulnerability for unauthorized access.

Risk Assessment

Improper access control may lead to the exposure of sensitive data or unauthorized system management, posing a significant security threat to the organization.

Recommendation

It is recommended to update FortiPortal to the latest version to mitigate this vulnerability and implement additional security measures to protect against unauthorized access.

Original NVD description (English source)

A improper access control vulnerability in Fortinet FortiPortal 7.4.0 through 7.4.7, FortiPortal 7.2.0 through 7.2.8, FortiPortal 7.0 all versions may allow attacker to improper access control via <insert attack vector here>

Vulnerability data from NVD (NIST) · CISA KEV · EPSS