CVE-2026-44277
CVE-2026-44277
Vexday Risk Score
48Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 9.1EPSS 0.6%KEV nãoPoC públicaNuclei —Metasploit —Patch —
Lifecycle
12 May 2026Published on NVD
13 May 2026Public PoC
Recommendation: Plan a near-term fix — a public PoC already exists.
A improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through 6.6.8, FortiAuthenticator 6.5.0 through 6.5.6 may allow attacker to execute unauthorized code or commands via crafted requests.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Affected products
Fortinet · FortiAuthenticatorpublic PoCs found — 1
githubgithub.com/0xBlackash/CVE-2026-44277★ 0⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →