{"api_version":"1","generated_at":"2026-05-13T08:51:23+00:00","cve":"CVE-2026-44277","urls":{"html":"https://cve.report/CVE-2026-44277","api":"https://cve.report/api/cve/CVE-2026-44277.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-44277","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-44277"},"summary":{"title":"CVE-2026-44277","description":"An improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through 6.6.8, FortiAuthenticator 6.5.0 through 6.5.6 may allow an attacker to execute unauthorized code or commands via an unspecified attack vector","state":"PUBLISHED","assigner":"fortinet","published_at":"2026-05-12 18:17:30","updated_at":"2026-05-12 18:57:02"},"problem_types":["CWE-284","CWE-284 Execute unauthorized code or commands"],"metrics":[{"version":"3.1","source":"psirt@fortinet.com","type":"Secondary","score":"9.8","severity":"CRITICAL","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"9.1","severity":"CRITICAL","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.1,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C","version":"3.1"}}],"references":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-26-128","name":"https://fortiguard.fortinet.com/psirt/FG-IR-26-128
","refsource":"psirt@fortinet.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-44277","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44277","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Fortinet","product":"FortiAuthenticator","version":"affected 8.0.2","platforms":[]},{"source":"CNA","vendor":"Fortinet","product":"FortiAuthenticator","version":"affected 8.0.0","platforms":[]},{"source":"CNA","vendor":"Fortinet","product":"FortiAuthenticator","version":"affected 6.6.0 6.6.8 semver","platforms":[]},{"source":"CNA","vendor":"Fortinet","product":"FortiAuthenticator","version":"affected 6.5.0 6.5.6 semver","platforms":[]},{"source":"CNA","vendor":"Fortinet","product":"FortiAuthenticator","version":"affected 6.4.0 6.4.10 semver","platforms":[]}],"timeline":[],"solutions":[{"source":"CNA","title":"","value":"Upgrade to FortiAuthenticator version 8.0.3 or above\nUpgrade to FortiAuthenticator version 8.0.1 or above\nUpgrade to FortiAuthenticator version 6.6.9 or above\nUpgrade to FortiAuthenticator version 6.5.7 or above\nUpgrade to FortiAuthenticator version 6.4.11 or above\nUpgrade to FortiAuthenticator version 6.3.5 or 
above","time":"","lang":"en"}],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"cna":{"affected":[{"cpes":["cpe:2.3:a:fortinet:fortiauthenticator:8.0.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:8.0.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.6.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.6.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.6.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.6.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.6.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.6.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.6.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.6.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.6.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.5.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.5.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.5.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.5.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.5.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.5.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.5.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.4.10:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.4.9:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.4.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.4.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.4.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.4.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.4.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.4.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.4.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.4.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiauthenticator:6.4.0:*:*:*:*:*:*:*"],"defaultStatus":"
unaffected","product":"FortiAuthenticator","vendor":"Fortinet","versions":[{"status":"affected","version":"8.0.2"},{"status":"affected","version":"8.0.0"},{"lessThanOrEqual":"6.6.8","status":"affected","version":"6.6.0","versionType":"semver"},{"lessThanOrEqual":"6.5.6","status":"affected","version":"6.5.0","versionType":"semver"},{"lessThanOrEqual":"6.4.10","status":"affected","version":"6.4.0","versionType":"semver"}]}],"descriptions":[{"lang":"en","value":"An improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through 6.6.8, FortiAuthenticator 6.5.0 through 6.5.6 may allow an attacker to execute unauthorized code or commands via an unspecified attack vector"}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.1,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-284","description":"Execute unauthorized code or commands","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-05-12T16:54:05.024Z","orgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","shortName":"fortinet"},"references":[{"name":"https://fortiguard.fortinet.com/psirt/FG-IR-26-128","url":"https://fortiguard.fortinet.com/psirt/FG-IR-26-128"}],"solutions":[{"lang":"en","value":"Upgrade to FortiAuthenticator version 8.0.3 or above\nUpgrade to FortiAuthenticator version 8.0.1 or above\nUpgrade to FortiAuthenticator version 6.6.9 or above\nUpgrade to FortiAuthenticator version 6.5.7 or above\nUpgrade to FortiAuthenticator version 6.4.11 or above\nUpgrade to FortiAuthenticator version 6.3.5 or 
above"}]}},"cveMetadata":{"assignerOrgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","assignerShortName":"fortinet","cveId":"CVE-2026-44277","datePublished":"2026-05-12T16:54:05.024Z","dateReserved":"2026-05-05T17:24:16.702Z","dateUpdated":"2026-05-12T16:54:05.024Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-05-12 18:17:30","lastModifiedDate":"2026-05-12 18:57:02","problem_types":["CWE-284","CWE-284 Execute unauthorized code or commands"],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"44277","Ordinal":"1","Title":"CVE-2026-44277","CVE":"CVE-2026-44277","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"44277","Ordinal":"1","NoteData":"An improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through 6.6.8, FortiAuthenticator 6.5.0 through 6.5.6 may allow an attacker to execute unauthorized code or commands via an unspecified attack vector","Type":"Description","Title":"CVE-2026-44277"}]}}}