Summary

Parameter	Value
CVE ID	CVE-2026-44277
Alert Source	GitHub Advisory - Critical Vulnerability
CVE Publication Year	2026
Date Published	2026-05-12
Vendor	Fortinet
Product	FortiAuthenticator
CVSS Score	9.8 (critical)
EPSS Score	No data
CISA KEV	No
Ransomware	Not confirmed

Vulnerability Description

An improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through 6.6.8, FortiAuthenticator 6.5.0 through 6.5.6 may allow an attacker to execute unauthorized code or commands via a network-accessible attack vector.

Required Actions

Apply vendor patches or mitigations as soon as available.

Who Is Affected?

This vulnerability affects FortiAuthenticator by Fortinet. Check if your organization uses this software and requires updates.

Sources

Need help securing your systems? nFlo team offers vulnerability management and 24/7 SOC services. Contact us.

Learn More

Fortinet FortiGate vs Cisco Firepower — NGFW comparison (2026)

Detailed comparison of Fortinet FortiGate vs Cisco Firepower: features, performance, pricing, pros/cons. Which NGFW to choose in 2026?...

Palo Alto vs Fortinet — NGFW + XDR platform comparison (2026)

Palo Alto Networks vs Fortinet: NGFW, Cortex XDR vs FortiXDR, Prisma SASE vs FortiSASE. Features, pricing, when to choose which....

Vulnerability Disclosure - How to Responsibly Report Security Flaws

Complete guide to responsible vulnerability disclosure. Responsible disclosure, coordinated disclosure, CVE, security.txt, and legal aspects....

CVE-2026-44277: Improper Access Control in Fortinet FortiAuthenticator

Summary

Vulnerability Description

Required Actions

Who Is Affected?

Sources

Learn More

Tags:

Share:

Talk to an expert

Grzegorz Gnych

Want to Reduce IT Risk and Costs?