README.md
Rendering markdown...
#!/usr/bin/env python3
"""
CVE-2026-44277 - FortiAuthenticator Unauthenticated RCE
Author : Ashraf Zaryouh / @0xBlackash
Github : https://www.github.com/0xBlackash/CVE-2026-44277
"""
import requests
import sys
import time
from colorama import init, Fore, Style
init(autoreset=True)
def banner():
print(f"""{Fore.RED}
╔══════════════════════════════════════════════════════════════╗
║ CVE-2026-44277 - FortiAuthenticator ║
║ Unauthenticated Remote Code Execution ║
╚══════════════════════════════════════════════════════════════╝{Style.RESET_ALL}""")
def check_target(target):
print(f"{Fore.CYAN}[*] Targeting: {target}{Style.RESET_ALL}\n")
paths = [
"/api/v1/aaa",
"/api/v1/fortiauth",
"/api/v1/config",
"/api/v1/backup",
"/api/v1/import"
]
headers = {
"User-Agent": "Mozilla/5.0 (CVE-2026-44277 PoC)",
"Accept": "application/json"
}
for path in paths:
try:
url = target.rstrip("/") + path
print(f"[*] Testing → {path}", end=" ")
r = requests.get(url, headers=headers, timeout=8, verify=False, allow_redirects=True)
if r.status_code in [200, 403, 500] and len(r.text) > 50:
print(f"{Fore.GREEN}→ Reachable{Style.RESET_ALL}")
print(f"{Fore.RED}[!!] Potential vulnerable endpoint found!{Style.RESET_ALL}")
print(f" Status: {r.status_code} | Length: {len(r.text)}")
else:
print(f"{Fore.YELLOW}→ {r.status_code}{Style.RESET_ALL}")
except Exception as e:
print(f"{Fore.RED}→ Error{Style.RESET_ALL}")
print(f"\n{Fore.YELLOW}[!] Note: This is a detection PoC.{Style.RESET_ALL}")
print(f"{Fore.YELLOW} Full RCE requires specific payload not included for safety.{Style.RESET_ALL}")
if __name__ == "__main__":
banner()
if len(sys.argv) < 2:
print("Usage: python3 CVE-2026-44277.py <http://target>")
print("Example: python3 CVE-2026-44277.py http://192.168.1.50")
sys.exit(1)
target = sys.argv[1]
check_target(target)
print(f"\n{Fore.RED}[!] Update FortiAuthenticator to 6.5.7 / 6.6.9 / 8.0.3 or newer immediately.{Style.RESET_ALL}")