CVE-2026-44277

CVSS 9.1 (CRITICAL) · EPSS 0.1% · Published 2026-05-12

An improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through 6.6.8, and FortiAuthenticator 6.5.0 through 6.5.6 may allow an attacker to execute unauthorized code or commands via crafted requests.

CVSS v3 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

Weaknesses (CWE)

CWE-284
