Fortinet FortiAuthenticator

23 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-44277  (affected: >= 6.4.0 and <= 6.4.10)  CVSS 9.8 CRITICAL
    An improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 t...

CVE-2026-21743  (affected: >= 6.3.0 and < 6.6.7)  CVSS 7.2 HIGH
    A missing authorization vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, For...

CVE-2025-59923  (affected: >= 6.3.0 and <= 6.6.4)  CVSS 2.7 LOW
    An improper access control vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions,...

CVE-2025-57823  (affected: >= 6.3.0 and <= 6.6.6)  CVSS 2.7 LOW
    A direct request ('forced browsing') vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all...

CVE-2022-23439  (affected: >= 6.3.0 and < 6.3.4)  CVSS 4.7 MEDIUM
    An externally controlled reference to a resource in another sphere vulnerability in Fortinet allows attacker to poison web caches...

CVE-2024-23664  (affected: >= 6.4.0 and < 6.5.4)  CVSS 6.1 MEDIUM
    A URL redirection to untrusted site ('open redirect') in Fortinet FortiAuthenticator version 6.6.0, version 6.5.3 and below, versi...

CVE-2022-22302  (affected: >= 6.0.0 and <= 6.0.4)  CVSS 5.3 MEDIUM
    A clear text storage of sensitive information (CWE-312) vulnerability in both FortiGate version 6.4.0 through 6.4.1, 6.2.0 through...

CVE-2022-35850  (affected: >= 6.1.0 and < 6.3.4)  CVSS 4.3 MEDIUM
    An improper neutralization of script-related HTML tags in a web page vulnerability [CWE-80] in FortiAuthenticator versions 6.4.0 t...

CVE-2023-26208  (affected: >= 5.4.0 and < 6.5.0)  CVSS 3.7 LOW
    An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiAuthenticator 6.4.x and befor...

CVE-2021-26116  (affected: >= 5.0.0 and < 6.3.1)  CVSS 6.7 MEDIUM
    An improper neutralization of special elements used in an OS command vulnerability in the command line interpreter of FortiAuthent...

CVE-2021-36177  (affected: >= 6.0.0 and < 6.3.3)  CVSS 4.2 MEDIUM
    An improper access control vulnerability [CWE-284] in FortiAuthenticator HA service 6.3.2 and below, 6.2.x, 6.1.x, 6.0.x may allow...

CVE-2021-43068  (affected: all versions)  CVSS 5.4 MEDIUM
    An improper authentication in Fortinet FortiAuthenticator version 6.4.0 allows user to bypass the second factor of authentication v...

CVE-2021-43067  (affected: >= 6.0.1 and <= 6.0.7)  CVSS 8.3 HIGH
    An exposure of sensitive information to an unauthorized actor in Fortinet FortiAuthenticator version 6.4.0, version 6.3.2 and below...

CVE-2021-22124  (affected: >= 4.0.0 and <= 4.3.4)  CVSS 7.5 HIGH
    An uncontrolled resource consumption (denial of service) vulnerability in the login modules of FortiSandbox 3.2.0 through 3.2.2, 3...

CVE-2021-24005  (affected: >= 6.0.0 and < 6.3.0)  CVSS 4.0 MEDIUM
    Usage of hard-coded cryptographic keys to encrypt configuration files and debug logs in FortiAuthenticator versions before 6.3.0 m...

CVE-2019-16154  (affected: all versions)  CVSS 6.1 MEDIUM
    An improper neutralization of input during web page generation in FortiAuthenticator WEB UI 6.0.0 may allow an unauthenticated use...

CVE-2018-9186  (affected: >= 4.0.0 and < 5.3.0)  CVSS 6.1 MEDIUM
    A cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator in versions 4.0.0 to before 5.3.0 "CSRF validation failu...

CVE-2015-1459  (affected: all versions)
    Cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator 3.0.0 allows remote attackers to inject arbitrary web scri...

CVE-2015-1458  (affected: all versions)
    Fortinet FortiAuthenticator 3.0.0 allows local users to bypass intended restrictions and gain privileges by creating /tmp/privexec...

CVE-2015-1457  (affected: all versions)
    Fortinet FortiAuthenticator 3.0.0 allows local users to read arbitrary files via the -f flag to the dig command.

CVE-2015-1456  (affected: all versions)
    Fortinet FortiAuthenticator 3.0.0 logs the PostgreSQL usernames and passwords in cleartext, which allows remote administrators to...

CVE-2015-1455  (affected: all versions)
    Fortinet FortiAuthenticator 3.0.0 has a password of (1) slony for the slony PostgreSQL user and (2) www-data for the www-data Post...

CVE-2013-6990  (affected: <= 2.2)
    FortiGuard FortiAuthenticator before 3.0 allows remote administrators to gain privileges via the command line interface.
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin