Fortinet Fortiauthenticator — known CVE vulnerabilities
Every CVE whose affected-product data names Fortinet Fortiauthenticator, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (23)
CVE-2026-44277 — CVSS 9.8 (critical): A improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through…
CVE-2013-6990 — CVSS 9.0 (critical): FortiGuard FortiAuthenticator before 3.0 allows remote administrators to gain privileges via the command line interface.
CVE-2021-43067 — CVSS 8.3 (high): A exposure of sensitive information to an unauthorized actor in Fortinet FortiAuthenticator version 6.4.0, version 6.3.2 and below, version…
CVE-2015-1455 — CVSS 7.5 (high): Fortinet FortiAuthenticator 3.0.0 has a password of (1) slony for the slony PostgreSQL user and (2) www-data for the www-data PostgreSQL…
CVE-2021-22124 — CVSS 7.5 (high): An uncontrolled resource consumption (denial of service) vulnerability in the login modules of FortiSandbox 3.2.0 through 3.2.2, 3.1.0…
CVE-2026-21743 — CVSS 7.2 (high): A missing authorization vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions…
CVE-2015-1458 — CVSS 6.9 (medium): Fortinet FortiAuthenticator 3.0.0 allows local users to bypass intended restrictions and gain privileges by creating /tmp/privexec/dbgcore_e…
CVE-2021-26116 — CVSS 6.7 (medium): An improper neutralization of special elements used in an OS command vulnerability in the command line interpreter of FortiAuthenticator…
CVE-2019-16154 — CVSS 6.1 (medium): An improper neutralization of input during web page generation in FortiAuthenticator WEB UI 6.0.0 may allow an unauthenticated user to…
CVE-2018-9186 — CVSS 6.1 (medium): A cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator in versions 4.0.0 to before 5.3.0 "CSRF validation failure" page…
CVE-2024-23664 — CVSS 6.1 (medium): A URL redirection to untrusted site ('open redirect') in Fortinet FortiAuthenticator version 6.6.0, version 6.5.3 and below, version 6.4.9…
CVE-2021-43068 — CVSS 5.4 (medium): A improper authentication in Fortinet FortiAuthenticator version 6.4.0 allows user to bypass the second factor of authentication via a…
CVE-2022-22302 — CVSS 5.3 (medium): A clear text storage of sensitive information (CWE-312) vulnerability in both FortiGate version 6.4.0 through 6.4.1, 6.2.0 through 6.2.9…
CVE-2015-1457 — CVSS 4.9 (medium): Fortinet FortiAuthenticator 3.0.0 allows local users to read arbitrary files via the -f flag to the dig command.
CVE-2022-23439 — CVSS 4.7 (medium): A externally controlled reference to a resource in another sphere vulnerability in Fortinet allows attacker to poison web caches via…
CVE-2015-1459 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator 3.0.0 allows remote attackers to inject arbitrary web script or…
CVE-2022-35850 — CVSS 4.3 (medium): An improper neutralization of script-related HTML tags in a web page vulnerability [CWE-80] in FortiAuthenticator versions 6.4.0 through…
CVE-2021-36177 — CVSS 4.2 (medium): An improper access control vulnerability [CWE-284] in FortiAuthenticator HA service 6.3.2 and below, 6.2.x, 6.1.x, 6.0.x may allow an…
CVE-2021-24005 — CVSS 4.0 (medium): Usage of hard-coded cryptographic keys to encrypt configuration files and debug logs in FortiAuthenticator versions before 6.3.0 may allow…
CVE-2015-1456 — CVSS 4.0 (medium): Fortinet FortiAuthenticator 3.0.0 logs the PostgreSQL usernames and passwords in cleartext, which allows remote administrators to obtain…
CVE-2023-26208 — CVSS 3.7 (low): A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiAuthenticator 6.4.x and before allows…
CVE-2025-57823 — CVSS 2.7 (low): A direct request ('forced browsing') vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions…
CVE-2025-59923 — CVSS 2.7 (low): An improper access control vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions…