← Home
Improper access control on API endpoints
Source: fortinet / FG-IR-26-128
— original advisory
Published: 2026-05-12
· Last updated: 2026-05-12
· Vendor severity: Not rated by vendor
CVEs
| CVE | CVSS | CWE | Exploitation |
| CVE-2026-44277 |
9.1 |
CWE-284: Improper Access Control |
Not observed in the wild |
Affected Products
| Product | Affected versions | Fixed version |
| FortiAuthenticator |
8.0.2 |
Not specified by vendor |
| FortiAuthenticator |
8.0.0 |
Not specified by vendor |
| FortiAuthenticator |
6.6.8 |
Not specified by vendor |
| FortiAuthenticator |
6.6.7 |
Not specified by vendor |
| FortiAuthenticator |
6.6.6 |
Not specified by vendor |
| FortiAuthenticator |
6.6.5 |
Not specified by vendor |
| FortiAuthenticator |
6.6.4 |
Not specified by vendor |
| FortiAuthenticator |
6.6.3 |
Not specified by vendor |
| FortiAuthenticator |
6.6.2 |
Not specified by vendor |
| FortiAuthenticator |
6.6.1 |
Not specified by vendor |
| FortiAuthenticator |
6.6.0 |
Not specified by vendor |
| FortiAuthenticator |
6.5.6 |
Not specified by vendor |
| FortiAuthenticator |
6.5.5 |
Not specified by vendor |
| FortiAuthenticator |
6.5.4 |
Not specified by vendor |
| FortiAuthenticator |
6.5.3 |
Not specified by vendor |
| FortiAuthenticator |
6.5.2 |
Not specified by vendor |
| FortiAuthenticator |
6.5.1 |
Not specified by vendor |
| FortiAuthenticator |
6.5.0 |
Not specified by vendor |
| FortiAuthenticator |
6.4.10 |
Not specified by vendor |
| FortiAuthenticator |
6.4.9 |
Not specified by vendor |
| FortiAuthenticator |
6.4.8 |
Not specified by vendor |
| FortiAuthenticator |
6.4.7 |
Not specified by vendor |
| FortiAuthenticator |
6.4.6 |
Not specified by vendor |
| FortiAuthenticator |
6.4.5 |
Not specified by vendor |
| FortiAuthenticator |
6.4.4 |
Not specified by vendor |
| FortiAuthenticator |
6.4.3 |
Not specified by vendor |
| FortiAuthenticator |
6.4.2 |
Not specified by vendor |
| FortiAuthenticator |
6.4.1 |
Not specified by vendor |
| FortiAuthenticator |
6.4.0 |
Not specified by vendor |