Fortinet FortiAuthenticator
16 CVEs affecting Fortinet FortiAuthenticator. Latest disclosed: 2026-05-12. Critical: 1, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-44277 | Critical | 9.8 | 2026-05-12 | An improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through 6.6.8, FortiAuthentica… |
| CVE-2026-21743 | Medium | 6.8 | 2026-02-10 | A missing authorization vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versi… |
| CVE-2024-23664 | Medium | 5.8 | 2024-06-03 | A URL redirection to untrusted site ('open redirect') in Fortinet FortiAuthenticator version 6.6.0, version 6.5.3 and below, version 6.4.9 and below may allow… |
| CVE-2022-22302 | Medium | 5.3 | 2023-07-11 | A clear text storage of sensitive information (CWE-312) vulnerability in both FortiGate version 6.4.0 through 6.4.1, 6.2.0 through 6.2.9 and 6.0.0 through 6.0… |
| CVE-2022-35850 | Medium | 4.2 | 2023-04-11 | An improper neutralization of script-related HTML tags in a web page vulnerability [CWE-80] in FortiAuthenticator versions 6.4.0 through 6.4.4, 6.3.0 through 6… |
| CVE-2022-23439 | Medium | 4.1 | 2025-01-22 | An externally controlled reference to a resource in another sphere vulnerability in Fortinet allows attacker to poison web caches via crafted HTTP requests, wh… |
| CVE-2021-24005 | Medium | 4.0 | 2021-07-06 | Usage of hard-coded cryptographic keys to encrypt configuration files and debug logs in FortiAuthenticator versions before 6.3.0 may allow an attacker with acc… |
| CVE-2023-26208 | Low | 3.5 | 2023-03-09 | An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiAuthenticator 6.4.x and before allows a remote unauthenti… |
| CVE-2025-57823 | Low | 2.6 | 2025-12-09 | A direct request ('forced browsing') vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator… |
| CVE-2025-59923 | Low | 2.6 | 2025-12-09 | An improper access control vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all ve… |
| CVE-2015-1459 | | | 2015-02-03 | Cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the operation… |
| CVE-2015-1458 | | | 2015-02-03 | Fortinet FortiAuthenticator 3.0.0 allows local users to bypass intended restrictions and gain privileges by creating /tmp/privexec/dbgcore_enable_shell_access… |
| CVE-2015-1457 | | | 2015-02-03 | Fortinet FortiAuthenticator 3.0.0 allows local users to read arbitrary files via the -f flag to the dig command. |
| CVE-2015-1456 | | | 2015-02-03 | Fortinet FortiAuthenticator 3.0.0 logs the PostgreSQL usernames and passwords in cleartext, which allows remote administrators to obtain sensitive information… |
| CVE-2015-1455 | | | 2015-02-03 | Fortinet FortiAuthenticator 3.0.0 has a password of (1) slony for the slony PostgreSQL user and (2) www-data for the www-data PostgreSQL user, which makes it e… |
| CVE-2013-6990 | | | 2014-04-30 | FortiGuard FortiAuthenticator before 3.0 allows remote administrators to gain privileges via the command line interface. |