← Back

CVE-2026-21743

nvd nist
Published: Feb 10, 2026Modified: Feb 12, 2026

JSON object

Loading...
7.2
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 / Impact: 5.9
Source: psirt@fortinet.com (Secondary)

Description

A missing authorization vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow a read-only user to make modification to local users via a file upload to an unprotected endpoint.

Affected (1)

Fortinet
1 product
Fortiauthenticator
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Fortiauthenticator
From 6.3.0 to 6.6.7

Related CWEs

CWE-862
Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (1)

Source: psirt@fortinet.com
Vendor Advisory

Timeline

No history available yet.