Use of Hard-Coded Cryptographic Key Vulnerability in Fortinet FortiClient
CVE-2026-44278

2.1 LOW

Key Information:

Vendor: Fortinet
CVE Published: 12 May 2026

What is CVE-2026-44278?

A vulnerability exists in Fortinet's FortiClient, specifically in versions 7.4.0 through 7.4.2 and all versions of 7.2. The issue relates to the use of hard-coded cryptographic keys, which may lead to information disclosure. An attacker exploiting this vulnerability can potentially gain unauthorized access to sensitive information, highlighting the need for immediate updates and security patches.

Affected Version(s)

FortiClientWindows 7.4.0 through 7.4.2

FortiClientWindows 7.2.0 through 7.2.14

CVSS V3.1

Score: 2.1
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
