Search criteria

1 vulnerability found for FortiTokenAndroid by Fortinet

CVE-2026-44279 (GCVE-0-2026-44279)

Vulnerability from cvelistv5 – Published: 2026-05-12 16:54 – Updated: 2026-06-26 08:23
VLAI?
Summary
An improper export of android application components vulnerability in Fortinet FortiTokenAndroid 6.2 all versions, FortiTokenAndroid 6.1 all versions, FortiTokenAndroid 5.2 all versions may allow attacker to disclose information via an exported Content Provider URI.
CWE
  • CWE-926 - Improper access control
Assigner
Impacted products
Vendor Product Version
Fortinet FortiTokenAndroid Affected: 6.2.0
Affected: 6.1.0
Affected: 5.2.0 , ≤ 5.2.2 (semver)
    cpe:2.3:a:fortinet:fortitokenandroid:6.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortitokenandroid:6.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortitokenandroid:5.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortitokenandroid:5.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortitokenandroid:5.2.0:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-44279",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-12T18:59:55.342232Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-12T19:02:36.321Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortitokenandroid:6.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortitokenandroid:6.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortitokenandroid:5.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortitokenandroid:5.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortitokenandroid:5.2.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiTokenAndroid",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "6.2.0"
            },
            {
              "status": "affected",
              "version": "6.1.0"
            },
            {
              "lessThanOrEqual": "5.2.2",
              "status": "affected",
              "version": "5.2.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper export of android application components vulnerability in Fortinet FortiTokenAndroid 6.2 all versions, FortiTokenAndroid 6.1 all versions, FortiTokenAndroid 5.2 all versions may allow attacker to disclose information via an exported Content Provider URI."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-926",
              "description": "Improper access control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-26T08:23:24.786Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-130",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-130"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to FortiTokenAndroid version 6.4.0 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2026-44279",
    "datePublished": "2026-05-12T16:54:09.625Z",
    "dateReserved": "2026-05-05T17:24:18.895Z",
    "dateUpdated": "2026-06-26T08:23:24.786Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}