轉發 台灣電腦網路危機處理暨協調中心 資安訊息警訊 TWCERTCC-200-202605-00000008

[內容說明]
Fortinet旗下FortiAuthenticator產品存在不當存取控制漏洞(CVE-2026-44277，CVSS：9.8)，未經身分驗證的攻擊者可能透過特製的請求，執行未經授權的程式碼或命令。

[影響平台]
FortiAuthenticator 8.0.0版本、 FortiAuthenticator 8.0.2版本、 FortiAuthenticator 6.6.0至6.6.8版本、 FortiAuthenticator 6.5.0至6.5.6版本

[建議措施]
請更新至以下版本: FortiAuthenticator 8.0.3(含)之後版本、 FortiAuthenticator 6.6.9(含)之後版本、 FortiAuthenticator 6.5.7(含)之後版本

Forwarded from Taiwan Computer Network Crisis Management and Coordination Center: Cybersecurity Alert TWCERTCC-200-202605-00000008

[Content Description]
Fortinet's FortiAuthenticator product contains an improper access control vulnerability (CVE-2026-44277, CVSS: 9.8). An unauthenticated attacker could execute unauthorized code or commands through specially crafted requests.

[Affected Platforms]
FortiAuthenticator versions 8.0.0, 8.0.2, 6.6.0 to 6.6.8, and 6.5.0 to 6.5.6

[Recommended Actions]
Please update to the following versions: FortiAuthenticator 8.0.3 or later, FortiAuthenticator 6.6.9 or later, and FortiAuthenticator 6.5.7 or later.