CVE-2021-26090

A missing release of memory after its effective lifetime vulnerability in the Webmail of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6 may allow an unauthenticated remote attacker to exhaust available memory via specifically crafted login requests.

Published: Jul 12, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-26090
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-401

Affected Software
References

Software	From	Fixed in
fortinet / fortimail	6.4.0	6.4.5
fortinet / fortimail	6.2.0	6.2.6.x

https://fortiguard.com/advisory/FG-IR-21-042

Vulnerability Database

289,782

CVE-2021-26090