Security News

Cybersecurity news aggregator

MEDIUM Vulnerabilities Fortinet PSIRT

Improper access control in API endpoints

  • What: Improper access control in FortiPortal API endpoints
  • Impact: Remote attackers with organization user role can access sensitive network data

Summary

An improper access control vulnerability [CWE-284] in FortiPortal API endpoints may allow a remote privileged attacker with organization user role to obtain sensitive network configuration data via crafted HTTP requests.

| Version | Affected | Solution |
|---|---|---|
| FortiPortal 7.4 | 7.4.0 through 7.4.7 | Upgrade to 7.4.8 or above |
| FortiPortal 7.2 | 7.2.0 through 7.2.8 | Upgrade to 7.2.9 or above |
| FortiPortal 7.0 | 7.0 all versions | Migrate to a fixed release |

Timeline

  • 2026-06-09: Initial publication

Advisory details

  • IR Number: FG-IR-26-140
  • Published Date: Jun 9, 2026
  • Component: API
  • Severity: Medium
  • Discovered: External
  • Attack Type: Authenticated
  • Known Exploited: No
  • CVSSv3 Score: 6.2
  • Impact: Improper access control
  • CVE ID: CVE-2026-49938
