CVE-2026-44279

MEDIUM

FortiTokenAndroid 6.2, 6.1, 5.2 - Improper Export of Android Application Components

Title source: llm

Description

A improper export of android application components vulnerability in Fortinet FortiTokenAndroid 6.2 all versions, FortiTokenAndroid 6.1 all versions, FortiTokenAndroid 5.2 all versions may allow attacker to improper access control via <insert attack vector here>

References (1)

Core 1

Core References

https://fortiguard.fortinet.com/psirt/FG-IR-26-130

Scores

CVSS v3 5.5

EPSS 0.0001

EPSS Percentile 2.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-926

Status published

Products (8)

fortinet/fortitoken_mobile 5.2.0

fortinet/fortitoken_mobile 5.2.1

fortinet/fortitoken_mobile 5.2.2

fortinet/fortitoken_mobile 6.1.0

fortinet/fortitoken_mobile 6.2.0

Fortinet/FortiTokenAndroid 5.2.0 - 5.2.2

Fortinet/FortiTokenAndroid 6.1.0

Fortinet/FortiTokenAndroid 6.2.0

Published May 12, 2026

Tracked Since May 12, 2026