CVE-2026-44279

🔶 medium

Summary

A improper export of android application components vulnerability in Fortinet FortiTokenAndroid 6.2 all versions, FortiTokenAndroid 6.1 all versions, FortiTokenAndroid 5.2 all versions may allow attacker to improper access control via <insert attack vector here>

CVSS Score

5.5

Medium

EPSS Score

0.0

Exploit Probability

Published Date

2026-05-12

First Seen: 2026-05-17

📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 32.6% of all 326,604 vulnerabilities in our database.

#220,252

Below average severity

Severity Percentile

🎯 CISA SSVC Assessment Updated: May 12, 2026

🔍 Exploitation Status

None

No known exploits

⚙️ Automatable

Requires human interaction

💥 Technical Impact

Partial

Limited system impact

SSVC data provided by CISA

Last Modified 2026-05-16

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE IDs (Weakness Types)

CWE-926

📦 Affected Products 5

Vendor	Product	Status	Affected Versions
fortinet	fortitoken_mobile	Affected	v5.2.0
fortinet	fortitoken_mobile	Affected	v5.2.1
fortinet	fortitoken_mobile	Affected	v5.2.2
fortinet	fortitoken_mobile	Affected	v6.1.0
fortinet	fortitoken_mobile	Affected	v6.2.0

Vendor

Product

Status

Affected Versions

fortinet

fortitoken_mobile

Affected

v5.2.0

fortinet

fortitoken_mobile

Affected

v5.2.1

fortinet

fortitoken_mobile

Affected

v5.2.2

fortinet

fortitoken_mobile

Affected

v6.1.0

fortinet

fortitoken_mobile

Affected

v6.2.0

🔗 References 1

🔗 Related CVEs 2

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2021-22131	🔶 medium	6.4	0.1	A improper validation of certificate with host mismatch in Fortinet FortiTokenAndroid version 5.0.3 and below, Fortinet ...	2022-07-18
CVE-2021-44166	🔶 medium	4.1	0.2	An improper access control vulnerability [CWE-284 ] in FortiToken Mobile (Android) external push notification 5.1.0 and ...	2022-03-02

These CVEs affect the same products