CVE-2026-22572

high

Fortinet

CVSS v3 Base Score

7.2

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Published: March 10, 2026

Last Modified: March 13, 2026

Vendor: Fortinet

Source: NVD

Description

An authentication bypass using an alternate path or channel vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.2 through 7.2.11, FortiManager 7.6.0 through 7.6.3, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2.2 through 7.2.11, FortiManager Cloud 7.6.0 through 7.6.3, FortiManager Cloud 7.4.0 through 7.4.7, FortiManager Cloud 7.2.2 through 7.2.10 may allow an attacker with knowledge of the admins password to bypass multifactor authentication checks via submitting multiple crafted requests.

CWE

CWE-288

Affected Products

fortinet fortianalyzerfortinet fortimanagerfortinet fortimanager cloud

References

🔗 fortiguard.fortinet.com

CVE-2026-22572

Vulnerability Report

Description

CWE

Affected Products

References