CVE-2026-21743 | FortiAuthenticator - Authentication Service Operational Intel

Executive Risk Summary

"A missing authorization vulnerability in Fortinet FortiAuthenticator may allow a read-only user to make modifications to local users via a file upload to an unprotected endpoint, potentially leading to unauthorized access and data breaches. This vulnerability affects FortiAuthenticator versions 6.6.0 through 6.6.6, 6.5, 6.4, and 6.3."

Operational Audit Arsenal

Target Type Firmware

Target Asset FortiAuthenticator

Standard Path https://fortiguard.fortinet.com/psirt/FG-IR-25-528

Manual Verification Required

This is a non-Windows asset (Fortinet). Use the target asset details above to verify your version against vendor advisories.

Patch Impact Forecast

Reboot Required Likely

Moderate, may cause temporary authentication service disruption

Internal Work Notes

FortiAuthenticator vulnerability CVE-2026-21743 - missing authorization allows read-only users to modify local users, requires immediate patching to prevent unauthorized access

Technical Intelligence & Operational Utilities • Delivered Weekly

Intelligence Sources

Official Advisoryhttps://fortiguard.fortinet.com/psirt/FG-IR-25-528

Scope of Impact

Fortinet Fortiauthenticator

Original NVD Description

"A missing authorization vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow a read-only user to make modification to local users via a file upload to an unprotected endpoint."

Related Fortinet Threats

CVE-2024-23108 CVSS 10

FortiGate - API

CVE-2024-23109 CVSS 10

FortiGate - API

CVE-2023-34992 CVSS 10

FortiGate - API

Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.