← Home
Improper access control in API endpoints
Source: fortinet / FG-IR-26-140
— original advisory
Published: 2026-06-09
· Last updated: 2026-06-09
· Vendor severity: Not rated by vendor
CVEs
| CVE | CVSS | CWE | Exploitation |
| CVE-2026-49938 |
6.2 |
CWE-284: Improper Access Control |
Not observed in the wild |
Affected Products
| Product | Affected versions | Fixed version |
| FortiPortal |
FortiPortal 7.0 |
Not specified by vendor |
| FortiPortal |
FortiPortal 7.2 |
Not specified by vendor |
| FortiPortal |
FortiPortal 7.4 |
Not specified by vendor |