EUVD-2021-12916

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

Cryptographic flaws in FortiMail session management may let attackers forge session cookies and escalate privileges

Reporter	Title	Published	Views	Family All 14
BDU FSTEC	The vulnerability of the FortiMail email security system, which stems from insufficient data encryption, allows attackers to enhance their privileges.	4 Aug 202100:00	–	bdu_fstec
Circl	CVE-2021-26095	20 Jul 202114:33	–	circl
CNNVD	Fortinet FortiMail 加密问题漏洞	13 Jul 202100:00	–	cnnvd
CNVD	Fortinet FortiMail Encryption Issue Vulnerability	19 Jul 202100:00	–	cnvd
CVE	CVE-2021-26095	20 Jul 202110:48	–	cve
Cvelist	CVE-2021-26095	20 Jul 202110:48	–	cvelist
Fortinet	FortiMail - Improper cryptographic operations in cookie encryption potentially prone to forgery	7 Jul 202100:00	–	fortinet
NCSC	Vulnerabilities fixed in FortiMail	9 Jul 202100:00	–	ncsc
NVD	CVE-2021-26095	20 Jul 202111:15	–	nvd
OSV	CVE-2021-26095	20 Jul 202111:15	–	osv

[
  {
    "enisaIdVendor": [
      {
        "id": "c0b50331-b904-3099-942f-8910ba2b5b21",
        "vendor": {
          "name": "Fortinet"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "dc9bdbe7-c36b-3f46-b2aa-589d23df50a8",
        "product": {
          "name": "Fortinet FortiMail"
        },
        "product_version": "FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6"
      }
    ]
  }
]

Source	Link
fortiguard	www.fortiguard.com/advisory/FG-IR-21-019
github	www.github.com/advisories/GHSA-293c-r3p4-g63r

07 Oct 2025 00:30Current

8.7High risk

Vulners AI Score8.7

CVSS 3.17.5 - 8.8

CVSS 26.5

EPSS0.00306

SSVC