CVE-2026-44279

MEDIUM

FortiTokenAndroid 6.2, 6.1, 5.2 - Improper Export of Android Application Components

Title source: llm
STIX 2.1

Description

An improper export of android application components vulnerability in Fortinet FortiTokenAndroid 6.2 all versions, FortiTokenAndroid 6.1 all versions, FortiTokenAndroid 5.2 all versions may allow attacker to disclose information via an exported Content Provider URI.

References (1)

Core 1

Scores

CVSS v3 5.5
EPSS 0.0010
EPSS Percentile 0.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-926
Status published
Products (8)
fortinet/fortitoken_mobile 5.2.0
fortinet/fortitoken_mobile 5.2.1
fortinet/fortitoken_mobile 5.2.2
fortinet/fortitoken_mobile 6.1.0
fortinet/fortitoken_mobile 6.2.0
Fortinet/FortiTokenAndroid 5.2.0 - 5.2.2
Fortinet/FortiTokenAndroid 6.1.0
Fortinet/FortiTokenAndroid 6.2.0
Published May 12, 2026
Tracked Since May 12, 2026