CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-44279

unknowncovered by 1 sourcefirst seen 2026-05-12
CVSSv3 Score: 5.0 An improper export of Android application components [CWE-926] in FortiTokenAndroid may allow other applications on the device to read the OTP code via an exported Content Provider URI. Revised on 2026-05-12 00:00:00

CSIRTS triage

What
An improper export of application components allows other apps to read OTP codes.
Who is affected
Users of FortiTokenAndroid on their devices.
Urgency
Remediation is important to prevent unauthorized access to OTP codes.
Action
Apply patches or restrict access to the affected components.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch CVE-2026-44279

Get an email if CVE-2026-44279 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2026-44279

CVE.org record

Embed the live status

CVE-2026-44279 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-44279 status](https://www.csirts.com/badge/CVE-2026-44279)](https://www.csirts.com/cve/CVE-2026-44279)