Fortiauthenticator
CVE-2026-21743
HIGH
Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
A missing authorization vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow a read-only user to make modification to local users via a file upload to an unprotected endpoint.
AnalysisAI
FortiAuthenticator 6.3 through 6.6.6 allows read-only users to modify local user accounts by uploading files to an unprotected endpoint, bypassing authorization controls. This vulnerability requires high privileges to initiate but could enable unauthorized account modifications in affected deployments. No patch is currently available for this high-severity flaw.
Technical ContextAI
Classified as CWE-862 (Missing Authorization). Affects the a file upload to an unprotected component of Fortiauthenticator. A missing authorization vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow a read-only user to make modification to local users via a file upload to an unprotected endpoint.
RemediationAI
Monitor vendor advisories for a patch. Validate file types by content. Store uploads outside web root. Restrict network access to the affected service where possible.
More in Fortiauthenticator
View allFortinet FortiAuthenticator 3.0.0 allows local users to bypass intended restrictions and gain privileges by creating /tm
FortiGuard FortiAuthenticator before 3.0 allows remote administrators to gain privileges via the command line interface.
Fortinet FortiAuthenticator 3.0.0 allows local users to read arbitrary files via the -f flag to the dig command. Rated m
Cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator 3.0.0 allows remote attackers to inject arbitrar
A improper authentication in Fortinet FortiAuthenticator version 6.4.0 allows user to bypass the second factor of authen
Fortinet FortiAuthenticator 3.0.0 has a password of (1) slony for the slony PostgreSQL user and (2) www-data for the www
Information disclosure in Fortinet FortiAuthenticator (6.5 all versions and 6.6.0–6.6.2) lets a remote unauthenticated a
An uncontrolled resource consumption (denial of service) vulnerability in the login modules of FortiSandbox 3.2.0 throug
Usage of hard-coded cryptographic keys to encrypt configuration files and debug logs in FortiAuthenticator versions befo
A exposure of sensitive information to an unauthorized actor in Fortinet FortiAuthenticator version 6.4.0, version 6.3.2
A URL redirection to untrusted site ('open redirect') in Fortinet FortiAuthenticator version 6.6.0, version 6.5.3 and be
A cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator in versions 4.0.0 to before 5.3.0 "CSRF valida
Same weakness CWE-862 – Missing Authorization
View allShare
External POC / Exploit Code
Leaving vuln.today