What is CVE-2021-26102?

CVE-2021-26102 is a critical-severity vulnerability in Fortinet Fortiwan, classified under Authentication Bypass by Primary Weakness. CVSS score: 9.8/10. Published 2024-12-19.

How severe is CVE-2021-26102?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Is CVE-2021-26102 known to be exploited?

10 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Fortinet Fortiwan

CVE-2021-26102

A relative path traversal vulnerability (CWE-23) in FortiWAN version 4.5.7 and below, 4.4 all versions may allow a remote non-authenticated attacker to delete files on the system by sending a crafted POST request. In particular, deleting s…

EPSS: 0.608 (98.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C.

Affected products

Fortinet Fortiwan — versions 4.5.0, 4.4.0

Weakness classification (CWE)

CWE-305 — Authentication Bypass by Primary Weakness

Public proof-of-concept exploits

References

https://fortiguard.fortinet.com/psirt/FG-IR-21-048

Frequently asked questions

What is CVE-2021-26102?: CVE-2021-26102 is a critical-severity vulnerability in Fortinet Fortiwan, classified under Authentication Bypass by Primary Weakness. CVSS score: 9.8/10. Published 2024-12-19.
How severe is CVE-2021-26102?: Critical severity. CVSS v3 base score is 9.8 out of 10.
Is CVE-2021-26102 known to be exploited?: 10 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.