Posting Date: 2026/05/15
【Vulnerability Alert】Critical Security Vulnerability in Fortinet FortiAuthenticator (CVE-2026-44277)
- Description:
  - Forwarded from Taiwan Computer Emergency Response Team / Coordination Center Security Advisory TWCERTCC-200-202605-00000008
  - An improper access control vulnerability (CVE-2026-44277, CVSS: 9.8) exists in Fortinet FortiAuthenticator. An unauthenticated attacker could potentially execute unauthorized code or commands via specially crafted requests.
- Affected Platforms:
  - FortiAuthenticator version 8.0.0
  - FortiAuthenticator version 8.0.2
  - FortiAuthenticator versions 6.6.0 to 6.6.8
  - FortiAuthenticator versions 6.5.0 to 6.5.6
- Recommended Actions:
  - Please update to the following versions:
    - FortiAuthenticator version 8.0.3 and later
    - FortiAuthenticator version 6.6.9 and later
    - FortiAuthenticator version 6.5.7 and later
Computer and Communication Center
Network Systems Division