Critical severity9.8NVD Advisory· Published May 12, 2026· Updated May 15, 2026

CVE-2026-44277

Description

A improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through 6.6.8, FortiAuthenticator 6.5.0 through 6.5.6 may allow attacker to execute unauthorized code or commands via <insert attack vector here>

Affected products

Fortinet/Fortiauthenticatorllm-fuzzy
Range: 6.5.0-6.5.6, 6.6.0-6.6.8, 8.0.0, 8.0.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

fortiguard.fortinet.com/psirt/FG-IR-26-128nvdVendor Advisory

News mentions

Fortinet, Ivanti Patch Critical Vulnerabilities
SecurityWeek · May 13, 2026
Fortinet warns of critical RCE flaws in FortiSandbox and FortiAuthenticator
BleepingComputer · May 12, 2026
Microsoft May 2026 Patch Tuesday fixes 120 flaws, no zero-days
BleepingComputer · May 12, 2026

cvss	0.637
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000