Clarification Request Regarding CVE Impact on FortiClient 7.2.13.1284

Forum|Forum|30 days ago
May 13, 2026
1 reply
67 views

Hello Fortinet Team,

I would like to confirm whether FortiClient Windows version 7.2.13.1284 is affected by the recently disclosed vulnerability related to Missing Authorization CVE-2026-44278, which may allow an authenticated local attacker to decrypt a currently logged-in user’s VPN password via an unprotected DLL function.

Could you please clarify:

Whether version 7.2.13.1284 is vulnerable
If this issue has already been fixed in this release
Whether any mitigation or upgrade is recommended

Thank you in advance for your assistance.

FortiClient

funkylicious

SuperUser

hi,

according to https://fortiguard.fortinet.com/psirt/FG-IR-26-129 all FortiClient 7.2 versions are vulnerable and a non-vulnerable version is starting with FortiClient 7.4.3 onwards

"jack of all trades, master of none"

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded