{"api_version":"1","generated_at":"2026-05-06T22:01:38+00:00","cve":"CVE-2021-26116","urls":{"html":"https://cve.report/CVE-2021-26116","api":"https://cve.report/api/cve/CVE-2021-26116.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-26116","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-26116"},"summary":{"title":"CVE-2021-26116","description":"An improper neutralization of special elements used in an OS command vulnerability in the command line interpreter of FortiAuthenticator before 6.3.1 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.","state":"PUBLIC","assigner":"psirt@fortinet.com","published_at":"2022-04-06 16:15:00","updated_at":"2022-04-13 17:57:00"},"problem_types":["CWE-78"],"metrics":[],"references":[{"url":"https://fortiguard.com/advisory/FG-IR-21-068","name":"https://fortiguard.com/advisory/FG-IR-21-068","refsource":"CONFIRM","tags":[],"title":"PSIRT Advisories | FortiGuard","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-26116","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-26116","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"26116","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"fortinet","cpe5":"fortiauthenticator","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2021-26116","ASSIGNER":"psirt@fortinet.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Fortinet","product":{"product_data":[{"product_name":"Fortinet FortiAuthenticator","version":{"version_data":[{"version_value":"FortiAuthenticator before 6.3.1"}]}}]}}]}},"impact":{"cvss":{"attackComplexity":"Low","attackVector":"Local","availabilityImpact":"High","baseScore":6.5,"baseSeverity":"Medium","confidentialityImpact":"High","integrityImpact":"High","privilegesRequired":"High","scope":"Unchanged","userInteraction":"None","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Execute unauthorized code or commands"}]}]},"references":{"reference_data":[{"refsource":"CONFIRM","name":"https://fortiguard.com/advisory/FG-IR-21-068","url":"https://fortiguard.com/advisory/FG-IR-21-068"}]},"description":{"description_data":[{"lang":"eng","value":"An improper neutralization of special elements used in an OS command vulnerability in the command line interpreter of FortiAuthenticator before 6.3.1 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands."}]}},"nvd":{"publishedDate":"2022-04-06 16:15:00","lastModifiedDate":"2022-04-13 17:57:00","problem_types":["CWE-78"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.5},"severity":"MEDIUM","exploitabilityScore":8,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:fortinet:fortiauthenticator:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0.0","versionEndExcluding":"6.3.1","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"26116","Ordinal":"201061","Title":"CVE-2021-26116","CVE":"CVE-2021-26116","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"26116","Ordinal":"1","NoteData":"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.","Type":"Description","Title":null}]}}}