5.5

CVE-2026-44279

Medienbericht
An improper export of android application components vulnerability in Fortinet FortiTokenAndroid 6.2 all versions, FortiTokenAndroid 6.1 all versions, FortiTokenAndroid 5.2 all versions may allow attacker to disclose information via an exported Content Provider URI.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FortinetFortitoken Mobile Version5.2.0 SwPlatformandroid
FortinetFortitoken Mobile Version5.2.1 SwPlatformandroid
FortinetFortitoken Mobile Version5.2.2 SwPlatformandroid
FortinetFortitoken Mobile Version6.1.0 SwPlatformandroid
FortinetFortitoken Mobile Version6.2.0 SwPlatformandroid
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.1% 0.009
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
psirt@fortinet.com 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE-926 Improper Export of Android Application Components

The Android application exports a component for use by other applications, but does not properly restrict which applications can launch the component or access the data it contains.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
13.05.2026 12:20
https://fortiguard.fortinet.com/psirt/FG-IR-26-130
Vendor Advisory