- What: A missing authorization vulnerability in FortiAuthenticator allows a read-only user to modify local users via file upload.
- Impact: Unauthorized modification of local users on affected FortiAuthenticator versions.
- Affected: FortiAuthenticator versions 6.6.0 through 6.6.6.
- Patch: Upgrade to FortiAuthenticator 6.6.7 or above.
PSIRT

Missing authorization on CSV user import

Summary

A missing authorization vulnerability [CWE-862] in FortiAuthenticator may allow a read-only user to make modifications to local users via a file upload to an unprotected endpoint.

| Version | Affected | Solution |
| --- | --- | --- |
| FortiAuthenticator 8.0 | Not affected | Not Applicable |
| FortiAuthenticator 6.6 | 6.6.0 through 6.6.6 | Upgrade to 6.6.7 or above |
| FortiAuthenticator 6.5 | 6.5 all versions | Migrate to a fixed release |
| FortiAuthenticator 6.4 | 6.4 all versions | Migrate to a fixed release |
| FortiAuthenticator 6.3 | 6.3 all versions | Migrate to a fixed release |

Acknowledgement

Discovered during an independent audit commissioned by Fortinet.

Timeline

2026-02-10: Initial publication
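The weakness class named above, CWE-862, is an endpoint that performs a privileged action (here, changing local user accounts from an uploaded CSV) without verifying that the caller is allowed to perform it. The following is an added illustration of that pattern and its fix; it is not FortiAuthenticator code and says nothing about how that product's import endpoint is implemented. The role names, the `UserStore` class, the CSV column layout and the sample upload are all constructed for this example.

```python
"""Added example (not Fortinet's code): a CSV user-import handler written
twice, once with the CWE-862 defect (no authorization check on the upload
endpoint) and once with a deny-by-default role check in front of the import.
Every name below is hypothetical and chosen for illustration only."""
import csv
import io

# Hypothetical role labels for the caller of the import endpoint.
READ_ONLY = "read-only"
ADMIN = "admin"

# Columns the constructed CSV must carry; anything else is rejected.
REQUIRED_COLUMNS = ("username", "email", "active")

# Constructed sample upload: adds "bob" and deactivates the existing "alice".
SAMPLE_CSV = (
    "username,email,active\n"
    "bob,bob@example.test,true\n"
    "alice,alice@example.test,false\n"
)


class AuthorizationError(Exception):
    """Raised when the caller's role does not permit the requested action."""


class UserStore:
    """In-memory stand-in for a local user database (constructed for the example)."""

    def __init__(self):
        self.users = {"alice": {"email": "alice@example.test", "active": True}}

    def apply_csv(self, upload: str) -> int:
        """Create or overwrite local users from CSV text; returns rows applied.

        Rejects uploads whose header lacks a required column, so a malformed
        file fails before any account is touched."""
        reader = csv.DictReader(io.StringIO(upload))
        header = reader.fieldnames or []
        missing = [c for c in REQUIRED_COLUMNS if c not in header]
        if missing:
            raise ValueError(f"CSV is missing required columns: {missing}")
        rows = list(reader)  # parse fully first so a bad row cannot leave a half-applied import
        for row in rows:
            self.users[row["username"]] = {
                "email": row["email"],
                "active": row["active"].strip().lower() == "true",
            }
        return len(rows)


def import_users_unprotected(store: UserStore, caller_role: str, upload: str) -> int:
    """Vulnerable pattern (CWE-862): the handler assumes only administrators
    ever reach this endpoint and never inspects caller_role, so any
    authenticated caller, including a read-only user, can rewrite accounts."""
    return store.apply_csv(upload)


def import_users_protected(store: UserStore, caller_role: str, upload: str) -> int:
    """Fixed pattern: authorization is checked on the endpoint itself, before
    the upload is parsed, and only an explicit ADMIN role is allowed through."""
    if caller_role != ADMIN:
        # Deny by default; the audit log (stdout here) records the refused attempt.
        print(f"audit: denied user import for role={caller_role!r}")
        raise AuthorizationError("only administrators may import local users")
    applied = store.apply_csv(upload)
    print(f"audit: role={caller_role!r} imported {applied} user rows")
    return applied


if __name__ == "__main__":
    weak = UserStore()
    print("unprotected, read-only caller applied rows:",
          import_users_unprotected(weak, READ_ONLY, SAMPLE_CSV))
    print("users after unprotected import:", sorted(weak.users))

    fixed = UserStore()
    try:
        import_users_protected(fixed, READ_ONLY, SAMPLE_CSV)
    except AuthorizationError as exc:
        print("protected, read-only caller refused:", exc)
    print("users after refused import:", sorted(fixed.users))
```

The point to take from the two handlers is where the check lives: the fix is on the upload endpoint itself, not on the menu or page that links to it, because an attacker who can authenticate can call the endpoint directly. The same deny-by-default check is also what produces a detectable audit event when a low-privilege account attempts the import.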