CVE-2026-44277

CRITICAL

A improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through 6.6.8, FortiAuthenticator 6.5.0 through 6.5.6 may allow attacker to execute unauthorized code or commands via <insert attack vector here>

CVSS v3.1 Score

9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Complexity
LOW
Privileges
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Published: 5/12/2026Modified: 5/15/2026

Related Intelligence (1)

CRITICALZero Day

Fortinet fixes two critical RCE flaws in FortiAuthenticator and FortiSandbox

Fortinet released a batch of patches across its products on Patch Tuesday, including two critical vulnerabilities that can lead to remote code execution. Fortinet flaws, both zero-day and n-day, have been exploited in the wild many times in the past, so companies should deploy patches as soon as possible. “Fortinet vulnerabilities are often attractive to threat actors because these products sit in

CVE-2026-44277CVE-2026-26083
CSO Online

References (1)

https://fortiguard.fortinet.com/psirt/FG-IR-26-128Vendor Advisory