CVE-2026-21743

Description

A missing authorization vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow a read-only user to make modification to local users via a file upload to an unprotected endpoint.

CVSS breakdown

Affected products

• fortinet / fortiauthenticator6.6.6 – 6.6.6
• fortinet / fortiauthenticator6.6.5 – 6.6.5
• fortinet / fortiauthenticator6.6.4 – 6.6.4
• fortinet / fortiauthenticator6.6.3 – 6.6.3
• fortinet / fortiauthenticator6.6.2 – 6.6.2
• fortinet / fortiauthenticator6.6.1 – 6.6.1
• fortinet / fortiauthenticator6.6.0 – 6.6.0
• fortinet / fortiauthenticator6.5.7 – 6.5.7
• fortinet / fortiauthenticator6.5.6 – 6.5.6
• fortinet / fortiauthenticator6.5.5 – 6.5.5
• fortinet / fortiauthenticator6.5.4 – 6.5.4
• fortinet / fortiauthenticator6.5.3 – 6.5.3
• fortinet / fortiauthenticator6.5.2 – 6.5.2
• fortinet / fortiauthenticator6.5.1 – 6.5.1
• fortinet / fortiauthenticator6.5.0 – 6.5.0
• fortinet / fortiauthenticator6.4.11 – 6.4.11
• fortinet / fortiauthenticator6.4.10 – 6.4.10
• fortinet / fortiauthenticator6.4.9 – 6.4.9
• fortinet / fortiauthenticator6.4.8 – 6.4.8
• fortinet / fortiauthenticator6.4.7 – 6.4.7
• fortinet / fortiauthenticator6.4.6 – 6.4.6
• fortinet / fortiauthenticator6.4.5 – 6.4.5
• fortinet / fortiauthenticator6.4.4 – 6.4.4
• fortinet / fortiauthenticator6.4.3 – 6.4.3
• fortinet / fortiauthenticator6.4.2 – 6.4.2
• fortinet / fortiauthenticator6.4.1 – 6.4.1
• fortinet / fortiauthenticator6.4.0 – 6.4.0
• fortinet / fortiauthenticator6.3.5 – 6.3.5
• fortinet / fortiauthenticator6.3.4 – 6.3.4
• fortinet / fortiauthenticator6.3.3 – 6.3.3
• fortinet / fortiauthenticator6.3.2 – 6.3.2
• fortinet / fortiauthenticator6.3.1 – 6.3.1
• fortinet / fortiauthenticator6.3.0 – 6.3.0

References

• VENDOR_ADVISORYhttps://fortiguard.fortinet.com/psirt/FG-IR-25-528