Critical severity 9.8 · NVD Advisory · Published May 12, 2026 · Updated May 28, 2026
CVE-2026-44277
Description
An improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through 6.6.8, and FortiAuthenticator 6.5.0 through 6.5.6 may allow an attacker to execute unauthorized code or commands via crafted requests.
Affected products
- cpe:2.3:a:fortinet:fortiauthenticator:*:*:*:*:*:*:*:* (range: >=6.4.0,<=6.4.10)
- (no CPE) (range: 6.5.0-6.5.6, 6.6.0-6.6.8, 8.0.0, 8.0.2)
References
- fortiguard.fortinet.com/psirt/FG-IR-26-128 (nvd, Vendor Advisory)
News mentions
- ⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More · The Hacker News · May 18, 2026
- Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws · The Hacker News · May 18, 2026
- Fortinet, Ivanti Patch Critical Vulnerabilities · SecurityWeek · May 13, 2026
- Fortinet warns of critical RCE flaws in FortiSandbox and FortiAuthenticator · BleepingComputer · May 12, 2026