LeakyCreds

CVE-2026-44277 - Vulnerability Analysis

Critical | CVSS: 9.8

Last Updated: May 12, 2026

Fortinet FortiAuthenticator - Improper Access Control

Published: May 12, 2026 | Updated: May 12, 2026 | Remote Exploitable

Overview

Fortinet FortiAuthenticator 6.5.0 through 6.5.6, 6.6.0 through 6.6.8, 8.0.0, and 8.0.2 contain an improper access control vulnerability caused by insufficient authorization checks, which lets attackers execute unauthorized code or commands. The attack vector required for exploitation is unspecified.

Severity & Score

Severity: Critical
CVSS Score: 9.8
EPSS Score: 0.0% (Probability of exploitation in next 30 days)

Impact

Attackers can execute unauthorized code or commands, potentially leading to full system compromise.

Mitigation

Update to the latest available version of FortiAuthenticator.

Social Media Activity (3 posts)

Analyst207
@Analyst207
May 12, 2026

Fortinet Disrupts Critical RCE Flaws in FortiSandbox, FortiAuthenticator Fortinet has patched a critical remote code execution vulnerability in its FortiAuthenticator and FortiSandbox products, which could have allowed unauthenticated attackers to run unauthorized code or commands. The company has released fixed builds to address the flaw, tracked as CVE-2026-44277, and… https://osintsights.com/fortinet-disrupts-critical-rce-flaws-in-fortisandbox-fortiauthenticator?utm_source=mastodon&utm_medium=social #RemoteCodeExecution #Fortiauthenticator #Cve202644277 #Fortinet #IdentityAndAccessManagement

TheHackerWire
@thehackerwire
May 12, 2026

🔴 CVE-2026-44277 - Critical (9.8) An improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through 6.6.8, FortiAuthenticator 6.5.0 through 6.5.6 may allow attacker to execute unauthorized code or commands via 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44277/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

TheHackerWire
@thehackerwire
May 12, 2026

🔴 CVE-2026-44277 - Critical (9.8) An improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through 6.6.8, FortiAuthenticator 6.5.0 through 6.5.6 may allow attacker to execute unauthorized code or commands via 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44277/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Details

CVE ID: CVE-2026-44277
Severity: Critical
CVSS Score: 9.8
Type: undefined
Status: unconfirmed
EPSS: 0.0%
Social Posts: 3

CWE

  • CWE-284

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.0% (Probability of exploitation in the next 30 days)