Latest Fortinet FortiAuthenticator vulnerability: CVE-2026-44277 #
Fortinet disclosed in an advisory that a critical vulnerability was identified in multiple versions of FortiAuthenticator.
- CVE-2026-44277: An improper access control vulnerability exists in Fortinet FortiAuthenticator due to insufficient authorization checks. A remote attacker with no privileges could exploit this vulnerability via a network-based attack vector, potentially allowing the execution of unauthorized code or commands. This vulnerability has been designated CVE-2026-44277 and has been rated critical with a CVSS score of 9.1.
The following versions are affected:
- FortiAuthenticator 8.0: 8.0.0, 8.0.2
- FortiAuthenticator 6.6: Versions 6.6.0 through 6.6.8
- FortiAuthenticator 6.5: Versions 6.5.0 through 6.5.6
What is Fortinet FortiAuthenticator? #
FortiAuthenticator is a centralized Identity and Access Management (IAM) solution that provides secure, identity-based access across a network by managing user authentication, multi-factor authentication (MFA), and single sign-on (SSO). It acts as a gatekeeper that integrates with existing directories to ensure only authorized users and devices can access critical resources across the Fortinet Security Fabric and third-party systems.
What is the impact? #
Successful exploitation of these vulnerabilities would allow an attacker to gain unauthorized API access, enabling them to escalate privileges and execute code or commands on the vulnerable host.
Are updates or workarounds available? #
Users are encouraged upgrade affected systems to the following versions:
- FortiAuthenticator 8.0: Upgrade to 8.0.3 or later
- FortiAuthenticator 6.6: Upgrade to 6.6.9 or later
- FortiAuthenticator 6.5: Upgrade to 6.5.7 or later
How to find potentially vulnerable systems with runZero #
From the Asset Inventory, use the following query to locate potentially impacted assets:
hw:FortiAuthenticator
