Fortinet FortiAuthenticator Improper Access Control Vulnerability Allowing Unauthorized Code Execution

Vulnerability

An improper access control vulnerability has been identified in Fortinet FortiAuthenticator versions 8.0.2, 8.0.0, 6.6.0 through 6.6.8, and 6.5.0 through 6.5.6. It may allow an unauthenticated attacker to execute unauthorized code or commands by sending crafted requests to the application.

Impact

Exploitation of this vulnerability could lead to unauthorized code execution on the affected system.

Remediation

Users on FortiAuthenticator 8.0 should upgrade to version 8.0.3 or above. Users on FortiAuthenticator 6.6 should upgrade to version 6.6.9 or above, and users on FortiAuthenticator 6.5 to version 6.5.7 or above. FortiAuthenticator Cloud is not impacted by this vulnerability.
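An inventory triage check for the version ranges listed above, added here as an example; it is not part of the original advisory or any Fortinet tooling. The hostnames, the version-string format and the status labels are constructed assumptions.

```python
import re

# Affected ranges and first fixed release per branch, as stated in the advisory.
# branch -> (list of inclusive (low, high) affected ranges, first fixed version)
AFFECTED = {
    (8, 0): ([((8, 0, 0), (8, 0, 0)), ((8, 0, 2), (8, 0, 2))], (8, 0, 3)),
    (6, 6): ([((6, 6, 0), (6, 6, 8))], (6, 6, 9)),
    (6, 5): ([((6, 5, 0), (6, 5, 6))], (6, 5, 7)),
}

def parse_version(text):
    """Extract (major, minor, patch) from a string such as 'v6.6.4-build1234'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version in {text!r}")
    return tuple(int(p) for p in m.groups())

def triage(version_text, cloud=False):
    """Return (status, upgrade_target) for one FortiAuthenticator instance."""
    if cloud:
        return ("not_impacted", None)  # advisory: FortiAuthenticator Cloud is not impacted
    v = parse_version(version_text)
    entry = AFFECTED.get(v[:2])
    if entry is None:
        return ("not_listed", None)  # branch not named in the advisory
    ranges, fixed = entry
    if any(lo <= v <= hi for lo, hi in ranges):
        return ("affected", ".".join(map(str, fixed)))
    if v >= fixed:
        return ("fixed", None)
    return ("not_listed", None)  # e.g. 8.0.1, which the advisory does not name

# Constructed inventory rows: (hostname, reported version string, is_cloud)
INVENTORY = [
    ("fac-hq-01", "v6.6.4-build1234", False),
    ("fac-dr-01", "6.5.7", False),
    ("fac-lab-01", "8.0.2", False),
    ("fac-lab-02", "8.0.1", False),
    ("fac-saas", "8.0.0", True),
]

def report(inventory):
    """Map each hostname to its (status, upgrade_target) pair."""
    return {host: triage(ver, cloud) for host, ver, cloud in inventory}

if __name__ == "__main__":
    for host, (status, target) in report(INVENTORY).items():
        print(f"{host}: {status}" + (f", upgrade to {target} or above" if target else ""))
```

A "not_listed" result means the advisory text gives no verdict for that version, so it should be checked against the vendor's own notice rather than treated as safe.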

Added: May 12, 2026, 6:53 PM
Updated: May 12, 2026, 6:53 PM

Vulnerability Rating

Custom Algorithm

spread: 1.4
impact: 7.5
exploitability: 7.0
remediation: 7.7
relevance: 8.1
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.