【Vulnerability Alert】Fortinet’s FortiAuthenticator contains a critical information security vulnerability (CVE-2026-44277)
Source: Ministry of education information & communication security contingency platform
"" "" ""
| Publication Number | TACERT-ANA-2026051404050909 | Publication Time | 2026-05-14 16:55:10 |
| Incident Type | ANA-Vulnerability Alert | Discovery Time | 2026-05-14 16:55:10 |
| Impact Level | Low | ||
| [Subject] 【Vulnerability Alert】Fortinet’s FortiAuthenticator contains a critical information security vulnerability (CVE-2026-44277) |
|||
| [Content]
Forwarded from TWCERTCC-200-202605-00000008 Fortinet’s FortiAuthenticator product contains an improper access control vulnerability (CVE-2026-44277, CVSS: 9.8). An unauthenticated attacker may execute unauthorized code or commands through specially crafted requests. Information Sharing Level: WHITE (The information content is information that may be publicly disclosed) |
|||
| [Affected Platform]
FortiAuthenticator version 8.0.0, FortiAuthenticator version 8.0.2, FortiAuthenticator versions 6.6.0 to 6.6.8, FortiAuthenticator versions 6.5.0 to 6.5.6 |
|||
| [Recommended Actions]
Please update to the following versions: FortiAuthenticator 8.0.3 (inclusive) or later versions, FortiAuthenticator 6.6.9 (inclusive) or later versions, FortiAuthenticator 6.5.7 (inclusive) or later versions |
|||
|
[Reference] |
|||
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw