CVE-2021-26087 CVSS:4.3

Fortinet FortiWLC is vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input.

CVE-2021-22126 CVSS:6.5

Fortinet FortiWLC contains default hardcoded credentials. A remote attacker could exploit this vulnerability to gain root access to the system.