SB2026031085 - Multifactor authentication bypass in FortiAnalyzer and FortiManager
Published: March 10, 2026
Description
This security bulletin contains information about 1 security vulnerability.
1) Authentication bypass using an alternate path or channel (CVE-ID: CVE-2026-22572)
The vulnerability allows a remote attacker to bypass two-factor authentication (2FA) checks.
The vulnerability exists due to authentication bypass using an alternate path or channel in the GUI. A remote attacker who knows the admin's password can bypass multifactor authentication checks by submitting multiple crafted requests and gain unauthorized access to the system.
Remediation
Install the update from the vendor's website.