FORTINET Security Advisory
Published Date: May 12, 2026
Advisory Summary
Fortinet has disclosed a security vulnerability in its FortiTokenAndroid application, classified as CWE-926 (Improper Export of Android Application Components). The flaw potentially allows other applications on the same device to access one-time password (OTP) codes through an exported Content Provider URI. The vulnerability has been assigned a CVSSv3 score of 5.0, indicating a moderate security risk.
This issue underscores the importance of secure component export configurations in mobile security applications, especially those managing sensitive authentication data such as OTPs. Organizations using FortiTokenAndroid should update to the latest patched version that addresses this exposure to prevent unauthorized OTP access and potential security breaches.
- Vulnerability affects the export of Android components in FortiTokenAndroid.
- Allows extraction of OTP codes by unauthorized apps on the device.
- CVSSv3 score: 5.0 (moderate severity).
- Recommended actions include prompt application updates and review of app permissions.
Stay vigilant and verify your FortiTokenAndroid application versions to safeguard multi-factor authentication processes.
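For teams reviewing their own apps for the same CWE-926 pattern, the following added example (not Fortinet's code and not taken from the advisory) audits a decoded AndroidManifest.xml for Content Providers that other apps can read. The manifest is constructed and its package, provider and permission names are hypothetical; the check goes slightly beyond the advisory by also flagging read permissions that are not signature-level.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"
# Constructed manifest; package, provider and permission names are hypothetical.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.otpapp">
  <uses-sdk android:targetSdkVersion="33"/>
  <permission android:name="com.example.otpapp.READ_OTP" android:protectionLevel="signature"/>
  <permission android:name="com.example.otpapp.READ_LOG"/>
  <application>
    <provider android:name=".OtpProvider" android:authorities="com.example.otpapp.otp"
        android:exported="true"/>
    <provider android:name=".SyncProvider" android:authorities="com.example.otpapp.sync"
        android:exported="true" android:readPermission="com.example.otpapp.READ_OTP"/>
    <provider android:name=".LogProvider" android:authorities="com.example.otpapp.log"
        android:exported="true" android:permission="com.example.otpapp.READ_LOG"/>
    <provider android:name=".CacheProvider" android:authorities="com.example.otpapp.cache"/>
  </application>
</manifest>"""


def audit_providers(manifest_xml):
    """Return (provider, authority, issue) for providers other apps may be able to read."""
    root = ET.fromstring(manifest_xml)
    sdk = root.find("uses-sdk")
    # A missing <uses-sdk> is treated as a legacy target, the conservative choice.
    target = int(sdk.get(A + "targetSdkVersion", "1")) if sdk is not None else 1
    # An omitted protectionLevel means "normal": any app can be granted it.
    levels = {p.get(A + "name"): p.get(A + "protectionLevel", "normal")
              for p in root.findall("permission")}
    findings = []
    for prov in root.iter("provider"):
        exported = prov.get(A + "exported")
        # Without an explicit value, providers are exported only for targets <= 16.
        if not (exported == "true" if exported is not None else target <= 16):
            continue
        # For reads, readPermission takes precedence over the general permission.
        perm = prov.get(A + "readPermission") or prov.get(A + "permission")
        level = levels.get(perm, "undeclared") if perm else "none"
        if level.startswith("signature"):
            continue
        issue = ("exported with no read permission" if not perm
                 else f"read permission {perm} is {level}, not signature")
        findings.append((prov.get(A + "name"), prov.get(A + "authorities"), issue))
    return findings


if __name__ == "__main__":
    for finding in audit_providers(SAMPLE_MANIFEST):
        print(*finding, sep=" | ")
```

A permission reported as "undeclared" is defined outside the manifest being audited and needs a manual check of its protection level.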
Reference: Vendor Advisory