CVE-2021-26090
CVE-2021-26090
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.3EPSS 1.3%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
12 Jul 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A missing release of memory after its effective lifetime vulnerability in the Webmail of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6 may allow an unauthenticated remote attacker to exhaust available memory via specifically crafted login requests.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected products
Fortinet · Fortinet FortiMailWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →