【Vulnerability Alert】Fortinet’s FortiAuthenticator contains a critical information security vulnerability (CVE-2026-44277)

publish date : 2026-05-15 update date : 2026-05-15

Source: Ministry of education information & communication security contingency platform

"" "" ""

Publication Number TACERT-ANA-2026051404050909 Publication Time 2026-05-14 16:55:10
Incident Type ANA-Vulnerability Alert Discovery Time 2026-05-14 16:55:10
Impact Level Low  
[Subject]
【Vulnerability Alert】Fortinet’s FortiAuthenticator contains a critical information security vulnerability (CVE-2026-44277)
[Content]

Forwarded from TWCERTCC-200-202605-00000008

Fortinet’s FortiAuthenticator product contains an improper access control vulnerability (CVE-2026-44277, CVSS: 9.8). An unauthenticated attacker may execute unauthorized code or commands through specially crafted requests.

Information Sharing Level: WHITE (The information content is information that may be publicly disclosed)
[Affected Platform]

FortiAuthenticator version 8.0.0, FortiAuthenticator version 8.0.2, FortiAuthenticator versions 6.6.0 to 6.6.8, FortiAuthenticator versions 6.5.0 to 6.5.6
[Recommended Actions]

Please update to the following versions: FortiAuthenticator 8.0.3 (inclusive) or later versions, FortiAuthenticator 6.6.9 (inclusive) or later versions, FortiAuthenticator 6.5.7 (inclusive) or later versions

[Reference]
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer: Computer Center