{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-44277","assignerOrgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","state":"PUBLISHED","assignerShortName":"fortinet","dateReserved":"2026-05-05T17:24:16.702Z","datePublished":"2026-05-12T16:54:05.024Z","dateUpdated":"2026-05-13T12:51:43.303Z"},"containers":{"cna":{"affected":[{"vendor":"Fortinet","product":"FortiAuthenticator","cpes":["cpe:2.3:a:fortinet:fortiauthenticator:8.0.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:8.0.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.6.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.6.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.6.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.6.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.6.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.6.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.6.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.6.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.6.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.5.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.5.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.5.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.5.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.5.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.5.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.5.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.4.10:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.4.9:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.4.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.4.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.4.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.4.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.4.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.4.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiaut
henticator:6.4.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.4.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.4.0:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","versions":[{"version":"8.0.2","status":"affected"},{"version":"8.0.0","status":"affected"},{"versionType":"semver","version":"6.6.0","lessThanOrEqual":"6.6.8","status":"affected"},{"versionType":"semver","version":"6.5.0","lessThanOrEqual":"6.5.6","status":"affected"},{"versionType":"semver","version":"6.4.0","lessThanOrEqual":"6.4.10","status":"affected"}]}],"descriptions":[{"lang":"en","value":"An improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through 6.6.8, FortiAuthenticator 6.5.0 through 6.5.6 may allow an attacker to execute unauthorized code or commands via an attack vector not specified in this record"}],"providerMetadata":{"orgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","shortName":"fortinet","dateUpdated":"2026-05-13T12:51:43.303Z"},"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-284","description":"Execute unauthorized code or commands","type":"CWE"}]}],"metrics":[{"format":"CVSS","cvssV3_1":{"version":"3.1","attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.1,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C"}}],"solutions":[{"lang":"en","value":"Upgrade to FortiAuthenticator version 8.0.3 or above\nUpgrade to FortiAuthenticator version 8.0.1 or above\nUpgrade to FortiAuthenticator version 6.6.9 or above\nUpgrade to FortiAuthenticator version 6.5.7 or above\nUpgrade to FortiAuthenticator version 6.4.11 or above\nUpgrade to FortiAuthenticator version 6.3.5 or 
above"}],"references":[{"name":"https://fortiguard.fortinet.com/psirt/FG-IR-26-128","url":"https://fortiguard.fortinet.com/psirt/FG-IR-26-128"}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-05-12T18:59:33.244531Z","id":"CVE-2026-44277","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-05-12T19:02:58.505Z"}}]}}