Description
A missing authorization vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow a read-only user to make modifications to local users via a file upload to an unprotected endpoint.
Published: 2026-02-10
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized User Modification
Action: Immediate Patch
AI Analysis

Impact

A missing authorization flaw in Fortinet FortiAuthenticator allows a user with read-only privileges to modify local user accounts by uploading a file to an unprotected endpoint. Because the upload is accepted without an authorization check, the attacker can change account attributes, potentially escalating privileges and compromising the device's authentication mechanisms. The weakness is classified as CWE-862 (Missing Authorization).

Affected Systems

The affected product is Fortinet FortiAuthenticator. Affected versions are 6.6.0 through 6.6.6 together with every release in the 6.3, 6.4 and 6.5 lines. The advisory recommends upgrading to version 6.6.7 or later, or to 8.0.0 or later for the newer release line.

Risk and Exploitability

The CVSS v3.1 base score of 6.8 indicates medium severity, while the EPSS score of less than 1% suggests a very low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. The likely attack path is an adversary who obtains or impersonates a read-only user account and then uses that access to upload a crafted file to the unprotected endpoint, altering local user entries. Successful exploitation would let the attacker create, edit, or delete user accounts.

Generated by OpenCVE AI on April 17, 2026 at 20:47 UTC.

Remediation

Vendor Solution

  • Upgrade to FortiAuthenticator version 8.0.0 or above
  • Upgrade to FortiAuthenticator version 6.6.7 or above


OpenCVE Recommended Actions

  • Upgrade FortiAuthenticator to version 6.6.7 or 8.0.0 to apply the authorization fix.
  • Restrict access to the file-upload endpoint so that only administrative users can reach it, or block the endpoint entirely for read-only users via firewall or ACL rules.
  • Disable or remove unused local user accounts and enforce the principle of least privilege to ensure no account with read‑only status can perform file uploads.



Advisories

No advisories yet.

History

Fri, 17 Apr 2026 21:15:00 +0000

Title: Authorization Bypass via Unprotected File Upload Enabling Unauthorized User Modifications

Thu, 12 Feb 2026 16:15:00 +0000

CPEs: cpe:2.3:a:fortinet:fortiauthenticator:*:*:*:*:*:*:*:*

Tue, 10 Feb 2026 17:15:00 +0000

Metrics: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 10 Feb 2026 16:15:00 +0000

Description: A missing authorization vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow a read-only user to make modification to local users via a file upload to an unprotected endpoint.
First Time appeared: Fortinet; Fortinet fortiauthenticator
Weaknesses: CWE-862
CPEs:
cpe:2.3:a:fortinet:fortiauthenticator:6.3.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:6.3.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:6.3.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:6.3.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:6.3.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:6.3.5:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:6.4.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:6.4.10:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:6.4.11:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:6.4.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:6.4.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:6.4.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:6.4.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:6.4.5:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:6.4.6:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:6.4.7:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:6.4.8:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:6.4.9:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:6.5.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:6.5.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:6.5.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:6.5.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:6.5.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:6.5.5:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:6.5.6:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:6.5.7:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:6.6.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:6.6.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:6.6.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:6.6.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:6.6.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:6.6.5:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:6.6.6:*:*:*:*:*:*:*
Vendors & Products: Fortinet; Fortinet fortiauthenticator
References:
Metrics: cvssV3_1 {'score': 6.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C'}


MITRE

Status: PUBLISHED

Assigner: fortinet

Published:

Updated: 2026-02-12T00:27:03.410Z

Reserved: 2026-01-05T14:17:53.224Z

Link: CVE-2026-21743

Vulnrichment

Updated: 2026-02-10T16:26:10.477Z

NVD

Status : Analyzed

Published: 2026-02-10T16:16:10.903

Modified: 2026-02-12T16:05:15.240

Link: CVE-2026-21743

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T21:00:12Z

Weaknesses