CVE-2021-26088

HIGH

Fortinet Single Sign-On < 6.4.6 - Unauthenticated Authentication Bypass via UDP Login Notification Packets

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-26088. PoCs published by theogobinet.

AI-analyzed exploit summary This repository contains a functional PowerShell exploit for CVE-2021-26088, an improper authentication vulnerability in Fortinet FSSO Collector. The exploit forges UDP login notification packets to bypass firewall authentication rules, allowing unauthorized access to protected networks.

Description

An improper authentication vulnerability in FSSO Collector version 5.0.295 and below may allow an unauthenticated user to bypass a FSSO firewall policy and access the protected network via sending specifically crafted UDP login notification packets.

Exploits (1)

nomisec WORKING POC 3 stars
by theogobinet · poc
https://github.com/theogobinet/CVE-2021-26088

This repository contains a functional PowerShell exploit for CVE-2021-26088, an improper authentication vulnerability in Fortinet FSSO Collector. The exploit forges UDP login notification packets to bypass firewall authentication rules, allowing unauthorized access to protected networks.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: Fortinet FSSO Collector
No auth needed
Prerequisites: Network access to the target FSSO Collector · Knowledge of the target's IP address and UDP port (8002) · ServiceMagicNumber value from the target system
mistral-large-3 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1
Core References
Vendor Advisory x_refsource_confirm
https://fortiguard.com/advisory/FG-IR-20-191

Scores

CVSS v3 7.1
EPSS 0.0103
EPSS Percentile 59.7%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-287
Status published
Products (1)
fortinet/fortinet_single_sign-on < 6.4.6
Published Jul 12, 2021
Tracked Since Feb 18, 2026