Fortinet FortiAuthenticator 6.6.0
Approved changes feed: RSS · Atom
cpe:2.3:a:fortinet:fortiauthenticator:6.6.0:*:*:*:*:*:*:*
part: a version: 6.6.0 update: *
| Vendor | Fortinet (2b06c5e0-0a17-54f4-810a-5ef236d51947) |
|---|---|
| Product | Fortiauthenticator (c9e59448-899d-59b8-be98-875d13278b33) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-44277 |
vulnerable | 2026-06-03 15:25:02.951042 |
Details available
CRITICAL (9.1)
A improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through 6.6.8, FortiAuthenticator 6.5.0 through 6.5.6 may allow attacker to execute unauthorized code or commands via crafted requests.
Published: 2026-05-12T16:54:05.024Z
Updated: 2026-05-28T09:30:16.137Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-21743 |
vulnerable | 2026-06-03 15:15:51.593917 |
Details available
MEDIUM (6.8)
A missing authorization vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow a read-only user to make modification to local users via a file upload to an unprotected endpoint.
Published: 2026-02-10T15:39:11.799Z
Updated: 2026-02-12T00:27:03.410Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-59923 |
vulnerable | 2026-06-03 15:06:26.325888 |
Details available
LOW (2.6)
An improper access control vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow an authenticated attacker with at least read-only admin permission to obtain the credentials of other administrators' messaging services via crafted requests.
Published: 2025-12-09T17:18:45.658Z
Updated: 2026-01-14T09:18:46.546Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-57823 |
vulnerable | 2026-06-03 15:05:00.099917 |
Details available
LOW (2.6)
A direct request ('forced browsing') vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow an authenticated attacker with at least sponsor permissions to read and download device logs via accessing specific endpoints
Published: 2025-12-09T17:18:45.986Z
Updated: 2026-01-14T09:18:54.052Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-23664 |
vulnerable | 2026-06-03 14:55:04.261279 |
Details available
MEDIUM (5.8)
A URL redirection to untrusted site ('open redirect') in Fortinet FortiAuthenticator version 6.6.0, version 6.5.3 and below, version 6.4.9 and below may allow an attacker to to redirect users to an arbitrary website via a crafted URL.
Published: 2024-06-03T09:50:26.151Z
Updated: 2024-08-01T23:06:25.363Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.