CVE-2021-26090

MEDIUM

Fortinet Fortimail < 6.2.6 - Memory Leak

Title source: rule

Description

A missing release of memory after its effective lifetime vulnerability in the Webmail of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6 may allow an unauthenticated remote attacker to exhaust available memory via specifically crafted login requests.

References (1)

[Vendor Advisory] https://fortiguard.com/advisory/FG-IR-21-042

Scores

CVSS v3 5.3

EPSS 0.0042

EPSS Percentile 61.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Classification

CWE

CWE-401

Status published

Affected Products (1)

fortinet/fortimail < 6.2.6

Timeline

Published Jul 12, 2021

Tracked Since Feb 18, 2026