CVE-2026-49938 MEDIUM

CVE-2026-49938

Vendor Fortinet
Product FortiPortal
Weakness CWE-284
Published June 9, 2026
Last update June 9, 2026

CVSS base score

6.2/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C

What the vulnerability does

01Description

A improper access control vulnerability in Fortinet FortiPortal 7.4.0 through 7.4.7, FortiPortal 7.2.0 through 7.2.8, FortiPortal 7.0 all versions may allow attacker to improper access control via <insert attack vector here>

Key dates

02Disclosure timeline

June 9, 2026 CVE published
June 9, 2026 Record updated