CVE-2026-22572

Summary

An authentication bypass using an alternate path or channel vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.2 through 7.2.11, FortiManager 7.6.0 through 7.6.3, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2.2 through 7.2.11 may allow an attacker with knowledge of the admins password to bypass multifactor authentication checks via submitting multiple crafted requests.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiManager7.6.0 <= 7.6.3affected
FortinetFortiManager7.4.0 <= 7.4.7affected
FortinetFortiManager7.2.2 <= 7.2.12affected
FortinetFortiAnalyzer7.6.0 <= 7.6.3affected
FortinetFortiAnalyzer7.4.0 <= 7.4.7affected
FortinetFortiAnalyzer7.2.2 <= 7.2.12affected

Weaknesses

  • CWE-288: Improper access control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References