{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-44277","assignerOrgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","state":"PUBLISHED","assignerShortName":"fortinet","dateReserved":"2026-05-05T17:24:16.702Z","datePublished":"2026-05-12T16:54:05.024Z","dateUpdated":"2026-05-28T09:30:16.137Z"},"containers":{"cna":{"affected":[{"vendor":"Fortinet","product":"FortiAuthenticator","cpes":["cpe:2.3:a:fortinet:fortiauthenticator:8.0.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:8.0.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.6.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.6.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.6.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.6.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.6.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.6.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.6.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.6.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.6.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.5.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.5.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.5.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.5.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.5.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.5.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.5.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.4.10:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.4.9:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.4.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.4.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.4.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.4.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.4.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.4.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.4.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.4.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.4.0:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","versions":[{"version":"8.0.2","status":"affected"},{"version":"8.0.0","status":"affected"},{"versionType":"semver","version":"6.6.0","lessThanOrEqual":"6.6.8","status":"affected"},{"versionType":"semver","version":"6.5.0","lessThanOrEqual":"6.5.6","status":"affected"},{"versionType":"semver","version":"6.4.0","lessThanOrEqual":"6.4.10","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through 6.6.8, FortiAuthenticator 6.5.0 through 6.5.6 may allow attacker to execute unauthorized code or commands via crafted requests."}],"providerMetadata":{"orgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","shortName":"fortinet","dateUpdated":"2026-05-28T09:30:16.137Z"},"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-284","description":"Execute unauthorized code or commands","type":"CWE"}]}],"metrics":[{"format":"CVSS","cvssV3_1":{"version":"3.1","attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.1,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C"}}],"solutions":[{"lang":"en","value":"Upgrade to FortiAuthenticator version 8.0.3 or above\nUpgrade to FortiAuthenticator version 8.0.1 or above\nUpgrade to FortiAuthenticator version 6.6.9 or above\nUpgrade to FortiAuthenticator version 6.5.7 or above\nUpgrade to FortiAuthenticator version 6.4.11 or above\nUpgrade to FortiAuthenticator version 6.3.5 or above"}],"references":[{"name":"https://fortiguard.fortinet.com/psirt/FG-IR-26-128","url":"https://fortiguard.fortinet.com/psirt/FG-IR-26-128"}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-05-12T18:59:33.244531Z","id":"CVE-2026-44277","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-05-12T19:02:58.505Z"}}]}}