236 matches found
CVE-2025-53379
A out-of-bounds read vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.2, FortiAuthenticator 6.5 all versions may allow a remote unauthenticated attacker to retrieve sensitive information via a specially crafted request...
CVE-2025-53379
Fortinet FortiAuthenticator is affected by CVE-2025-53379, an out-of-bounds read vulnerability in FortiAuthenticator 6.6.0–6.6.2 and all 6.5 versions. A remote unauthenticated attacker could potentially retrieve sensitive information via a specially crafted request. The CVSSv3.1 vector is NETWORK...
PT-2026-58054
Name of the Vulnerable Software and Affected Versions FortiAuthenticator versions 6.6.0 through 6.6.2 FortiAuthenticator versions 6.5.x Description An out-of-bounds read issue allows a remote unauthenticated attacker to retrieve sensitive information by sending a specially crafted request. An...
CVE-2026-44277
A improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through 6.6.8, FortiAuthenticator 6.5.0 through 6.5.6 may allow attacker to execute unauthorized code or commands via crafted requests...
Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws
Ivanti, Fortinet, n8n, SAP, and VMware have released security fixes for various vulnerabilities that could be exploited by bad actors to bypass authentication and execute arbitrary code. Topping the list is a critical flaw impacting Ivanti Xtraction CVE-2026-8043, CVSS score: 9.6 that could be...
Vulnerability concealment in Fortinet FortiAuthenticator
Fortinet has identified a vulnerability in FortiAuthenticator. This vulnerability relates to incorrect access control in FortiAuthenticator, allowing attackers to execute unauthorized code or commands. This occurs due to insufficient restrictions in the access control mechanism within the softwar...
EUVD-2026-29729
A improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through 6.6.8, FortiAuthenticator 6.5.0 through 6.5.6 may allow attacker to execute unauthorized code or commands via...
CVE-2026-44277
A improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through 6.6.8, FortiAuthenticator 6.5.0 through 6.5.6 may allow attacker to execute unauthorized code or commands via crafted requests...
CVE-2026-44277
A improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through 6.6.8, FortiAuthenticator 6.5.0 through 6.5.6 may allow attacker to execute unauthorized code or commands via...
PT-2026-40265
Name of the Vulnerable Software and Affected Versions FortiAuthenticator versions 8.0.0 through 8.0.2 FortiAuthenticator versions 6.6.0 through 6.6.8 FortiAuthenticator versions 6.5.0 through 6.5.6 Description An improper access control issue in API endpoints allows an unauthenticated remote...
Fortinet FortiAuthenticator 访问控制错误漏洞
Fortinet FortiAuthenticator is a centralized user identity management solution provided by the American company Fortinet. Versions 8.0.2, 8.0.0, 6.6.0 to 6.6.8, and 6.5.0 to 6.5.6 of Fortinet FortiAuthenticator contain access control vulnerabilities. These vulnerabilities stem from improper acces...
CVE-2026-21743
A missing authorization vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow a read-only user to make modification to local users via a file upload to an unprotecte...
Vulnerabilities fixed in Fortinet FortiSandbox, FortiAuthenticator and FortiClient
Fortinet has fixed vulnerabilities in FortiSandbox versions 4.4.8 and 5.0.5, FortiAuthenticator versions 6.3 to 6.6.6 and FortiClient versions 7.0, 7.2 and 7.4. The vulnerability in FortiSandbox involves Cross-site Scripting, which allows unauthenticated attackers to execute arbitrary commands vi...
CVE-2026-21743
A missing authorization vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow a read-only user to make modification to local users via a file upload to an unprotecte...
CVE-2026-21743
A missing authorization vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow a read-only user to make modification to local users via a file upload to an unprotecte...
CVE-2026-21743
The CVE-2026-21743 issue affects Fortinet FortiAuthenticator releases 6.6.0–6.6.6, all 6.5 series, and all 6.4 and 6.3 versions. It is a missing authorization vulnerability where a read-only user could modify local users by uploading a file to an unprotected endpoint. The CVSS 3.1 base score is 7...
CVE-2026-21743
A missing authorization vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow a read-only user to make modification to local users via a file upload to an unprotecte...
CVE-2026-21743
A missing authorization vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow a read-only user to make modification to local users via a file upload to an unprotecte...
Fortinet FortiAuthenticator 安全漏洞
Fortinet FortiAuthenticator is a centralized user identity management solution provided by the American company Fortinet. Vulnerabilities exist in versions 6.6.0 to 6.6.6, 6.5 all versions, 6.4 all versions, and 6.3 all versions of FortiAuthenticator. These vulnerabilities stem from the lack of...
PT-2026-7280
Name of the Vulnerable Software and Affected Versions Fortinet FortiAuthenticator versions 6.3 through 6.6.6 Fortinet FortiAuthenticator 6.5 all versions Fortinet FortiAuthenticator 6.4 all versions Description A missing authorization issue in FortiAuthenticator may allow a user with read-only...