CVE-2026-22572

medium

Fortinet

CVSS v3 Base Score

6.8

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C

EPSS Score

0.1%

Exploitation probability in 30 days

Top 78% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Confidentiality

High

Integrity

High

Availability

High

Published: March 10, 2026 (64 days ago)

Last Modified: March 13, 2026

Vendor: Fortinet

Source: MITRE

Description

An authentication bypass using an alternate path or channel vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.2 through 7.2.11, FortiManager 7.6.0 through 7.6.3, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2.2 through 7.2.11 may allow an attacker with knowledge of the admins password to bypass multifactor authentication checks via submitting multiple crafted requests.

CWE

CWE-288

Affected Products

Fortinet FortiManagerFortinet FortiAnalyzer

References

🔗 fortiguard.fortinet.com

CVE-2026-22572

Vulnerability Report

Description

CWE

Affected Products

References