CVE-2026-21743 — Missing Authorization in Fortinet Fortiauthenticator

CWE-862 — Missing Authorization4 documents4 sources

Severity

7.2HIGHNVD

EPSS

0.0%

top 94.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortiauthenticator

Timeline

PublishedFeb 10

Description

A missing authorization vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow a read-only user to make modification to local users via a file upload to an unprotected endpoint.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

▶NVDfortinet/fortiauthenticator6.3.0 — 6.6.7

▶CVEListV5fortinet/fortiauthenticator6.6.0 — 6.6.6+3

🔴Vulnerability Details

GHSA

GHSA-73jp-396j-hc6q: A missing authorization vulnerability in Fortinet FortiAuthenticator 6↗2026-02-10

▶

CVEList

CVE-2026-21743: A missing authorization vulnerability in Fortinet FortiAuthenticator 6↗2026-02-10

▶

📋Vendor Advisories

Fortinet

Missing authorization on CSV user import↗2026-02-10

▶