{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T22:20:53.503","vulnerabilities":[{"cve":{"id":"CVE-2021-26091","sourceIdentifier":"psirt@fortinet.com","published":"2025-03-24T16:15:16.450","lastModified":"2025-07-23T15:53:04.907","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A use of a cryptographically weak pseudo-random number generator vulnerability in the authenticator of the Identity Based Encryption service of FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to infer parts of users authentication tokens and reset their credentials."},{"lang":"es","value":"El uso de una vulnerabilidad de generador de números pseudoaleatorios criptográficamente débil en el autenticador del servicio de cifrado basado en identidad de FortiMail 6.4.0 a 6.4.4 y 6.2.0 a 6.2.7 puede permitir que un atacante no autenticado infiera partes de los tokens de autenticación de los usuarios y restablezca sus credenciales."}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"psirt@fortinet.com","type":"Secondary","description":[{"lang":"en","value":"CWE-338"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2.0","versionEndExcluding":"6.4.5","matchCriteriaId":"E6ECDB5E-50A7-4E63-9F38-A7C58EF06C3F"}]}]}],"references":[{"url":"https://fortiguard.com/advisory/FG-IR-21-031","source":"psirt@fortinet.com","tags":["Vendor Advisory"]}]}}]}