Forwarded from Taiwan Computer Network Crisis Management and Coordination Center: Cybersecurity Alert TWCERTCC-200-202605-00000008

[Content Description]
Fortinet's FortiAuthenticator product contains an improper access control vulnerability (CVE-2026-44277, CVSS: 9.8). An unauthenticated attacker could execute unauthorized code or commands through specially crafted requests.

[Affected Platforms]
FortiAuthenticator versions 8.0.0, 8.0.2, 6.6.0 to 6.6.8, and 6.5.0 to 6.5.6

[Recommended Actions]
Please update to the following versions: FortiAuthenticator 8.0.3 or later, FortiAuthenticator 6.6.9 or later, and FortiAuthenticator 6.5.7 or later.