vulnerability

Fortinet FortiOS: Insufficient Verification of Data Authenticity (CVE-2021-26103)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:H/Au:N/C:P/I:P/A:P)	Dec 8, 2021	Dec 13, 2021	Aug 11, 2025

Severity

CVSS

(AV:N/AC:H/Au:N/C:P/I:P/A:P)

Published

Dec 8, 2021

Added

Dec 13, 2021

Modified

Aug 11, 2025

Description

An insufficient verification of data authenticity vulnerability (CWE-345) in the user interface of FortiProxy verison 2.0.3 and below, 1.2.11 and below and FortiGate verison 7.0.0, 6.4.6 and below, 6.2.9 and below of SSL VPN portal may allow a remote, unauthenticated attacker to conduct a cross-site request forgery (CSRF) attack . Only SSL VPN in web mode or full mode are impacted by this vulnerability.

Solution

fortios-upgrade-latest

References

CVE-2021-26103
https://attackerkb.com/topics/CVE-2021-26103
CWE-345
URL-https://fortiguard.com/advisory/FG-IR-20-158

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today