CVE-2026-44277
Published 2026-05-12. CVE-2026-44277: An improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through 6.6.8…
Priority: P266 · Severity: critical · CVSS 3.1 base score: 9.8
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.55% (41.8th percentile)
An improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through 6.6.8, FortiAuthenticator 6.5.0 through 6.5.6 may allow an attacker to execute unauthorized code or commands via crafted requests.
## Affected (8 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortiauthenticator | — | — |
| fortinet | fortiauthenticator | — | — |
| fortinet | fortiauthenticator | 6.4.0 – 6.4.10 | — |
| fortinet | fortiauthenticator | >= 6.5.0 < 6.5.7 | 6.5.7 |
| fortinet | fortiauthenticator | 6.5.0 – 6.5.6 | — |
| fortinet | fortiauthenticator | >= 6.6.0 < 6.6.9 | 6.6.9 |
| fortinet | fortiauthenticator | 6.6.0 – 6.6.8 | — |
| fortinet | fortiauthenticator | >= 8.0.0 < 8.0.3 | 8.0.3 |
## Detection & IOCs (extracted from sources)
- Vulnerability is exploitable by unauthenticated attackers via crafted HTTP requests targeting FortiAuthenticator; monitor for anomalous or malformed requests to FortiAuthenticator web interfaces from unauthenticated sources.
- FortiAuthenticator Cloud (formerly known as FortiTrust Identity) is explicitly stated as NOT impacted by CVE-2026-44277; detection and patching efforts should focus only on on-premises deployments.
- Affected versions are FortiAuthenticator 8.0.2, 8.0.0, 6.6.0–6.6.8, and 6.5.0–6.5.6; patched versions are 6.5.7, 6.6.9, and 8.0.3. Unpatched instances should be treated as high-priority targets given Fortinet's history of zero-day exploitation.
No detection rules found.
No public exploits indexed.
## ⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More
Hackernews (blogs_hackernews) · 2026-05-18 · CVE-2026-42897 [MEDIUM] · CVSS 6.1
Monday opens with a trust problem. A mail server flaw is under active use. A network control system was targeted. Trusted packages were poisoned. A fake model page pushed a stealer. Then came the familiar ransom claim: the data was returned and deleted.
The pattern is clear. One weak dependency can leak keys. One leaked key can open cloud access. One cloud foothold can become a production incident. AI is speeding up vulnerability discovery, attackers are moving quickly, and old exposure still keeps paying off.
Patch the quiet risks first. Let’s g
## Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws
Hackernews (blogs_hackernews) · 2026-05-18 · CVE-2026-8043 [CRITICAL] · CVSS 9.8
Ivanti, Fortinet, n8n, SAP, and VMware have released security fixes for various vulnerabilities that could be exploited by bad actors to bypass authentication and execute arbitrary code.
Topping the list is a critical flaw impacting Ivanti Xtraction (CVE-2026-8043, CVSS score: 9.6) that could be exploited to achieve information disclosure or client-side attacks.
"External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web
## Fortinet warns of critical RCE flaws in FortiSandbox and FortiAuthenticator
Bleepingcomputer (blogs_bleepingcomputer) · 2026-05-12 · CVE-2026-44277 [CRITICAL] · CVSS 9.8
By Sergiu Gatlan
Fortinet has released security updates to address two critical vulnerabilities in FortiSandbox and FortiAuthenticator that could enable attackers to run commands or arbitrary code on unpatched systems.
The first one, tracked as CVE-2026-44277, impacts the company's FortiAuthenticator Identity and Access Management (IAM) solution and was patched in FortiAuthenticator versions 6.5.7, 6.6.9, and 8.0.3.
"An Improper Access Control vulnerability [CWE-284] in FortiAuthenticator may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests," Fortinet said in a Tuesday advisory.
The company added that FortiAuthenticator Cloud (formerly known as FortiTrust Iden