Main Vulnerability Database SB2026031085

SB2026031085 - Multifactor authentication bypass in FortiAnalyzer and FortiManager

Published: March 10, 2026

Security Bulletin ID SB2026031085

CSH Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Authentication bypass using an alternate path or channel (CVE-ID: CVE-2026-22572)

CWE-ID: CWE-288 - Authentication Bypass Using an Alternate Path or Channel

CVSSv4: CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to bypass 2FA authentication checks.

The vulnerability exists due to authentication bypass using an alternate path or channel in GUI. A remote attacker with knowledge of the admins password can bypass multifactor authentication checks via submitting multiple crafted requests and gain unauthorized access to the system.

Remediation

Install update from vendor's website.

References

https://www.fortiguard.com/psirt/FG-IR-26-090