CVE-2026-44279 Fortinet CVE debrief

Who should care

Organizations using Fortinet FortiTokenAndroid versions 5.2, 6.1, and 6.2 should prioritize patching this vulnerability to prevent potential information disclosure. Attackers could exploit this vulnerability to gain unauthorized access to sensitive information. Security teams should review their inventory of affected systems and apply patches or mitigations as recommended by Fortinet.

Technical summary

The vulnerability, CVE-2026-44279, is caused by an improper export of android application components in Fortinet FortiTokenAndroid. This allows attackers to access sensitive information via an exported Content Provider URI. The vulnerability has a CVSS score of 5.5 and a severity rating of MEDIUM. The affected versions are 5.2, 6.1, and 6.2 of FortiTokenAndroid. Fortinet has released a vendor advisory (FG-IR-26-130) providing guidance on mitigation.

Defensive priority

Apply patches or mitigations recommended by Fortinet for FortiTokenAndroid versions 5.2, 6.1, and 6.2. Review inventory of affected systems and prioritize patching to prevent potential information disclosure.

Recommended defensive actions

• Apply patches or mitigations recommended by Fortinet for FortiTokenAndroid versions 5.2, 6.1, and 6.2.
• Review inventory of affected systems and prioritize patching.
• Monitor for suspicious activity related to exported Content Provider URIs.
• Implement compensating controls to limit access to sensitive information.
• Exception tracking and monitoring for affected systems.

Evidence notes

The CVE-2026-44279 vulnerability was published on May 12, 2026, and modified on June 26, 2026. The CVSS score is 5.5, and the severity rating is MEDIUM. Fortinet has provided a vendor advisory (FG-IR-26-130) for mitigation. The affected versions are 5.2, 6.1, and 6.2 of FortiTokenAndroid. The vulnerability allows attackers to disclose information via an exported Content Provider URI.

Official resources