CVE-2026-44277
published 2026-05-12


Priority: P266
CVSS 3.1: 9.8 (critical), vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.55% (41.8th percentile)
An improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through 6.6.8, and FortiAuthenticator 6.5.0 through 6.5.6 may allow an attacker to execute unauthorized code or commands via crafted requests.

Affected

8 ranges

Vendor      Product              Version range         Fixed in
fortinet    fortiauthenticator
fortinet    fortiauthenticator
fortinet    fortiauthenticator   6.4.0 – 6.4.10
fortinet    fortiauthenticator   >= 6.5.0 < 6.5.7      6.5.7
fortinet    fortiauthenticator   6.5.0 – 6.5.6
fortinet    fortiauthenticator   >= 6.6.0 < 6.6.9      6.6.9
fortinet    fortiauthenticator   6.6.0 – 6.6.8
fortinet    fortiauthenticator   >= 8.0.0 < 8.0.3      8.0.3

Detection & IOCs (extracted from sources)

  • The vulnerability is exploitable by unauthenticated attackers via crafted HTTP requests to FortiAuthenticator; monitor for anomalous or malformed requests to FortiAuthenticator web interfaces from unauthenticated sources.
  • FortiAuthenticator Cloud (formerly known as FortiTrust Identity) is explicitly stated as NOT impacted by CVE-2026-44277; detection and patching efforts should focus only on on-premises deployments.
  • Affected versions are FortiAuthenticator 8.0.2, 8.0.0, 6.6.0–6.6.8, and 6.5.0–6.5.6; patched versions are 6.5.7, 6.6.9, and 8.0.3. Unpatched instances should be treated as high priority for patching given Fortinet's history of zero-day exploitation.