#VU123723 Authentication bypass using an alternate path or channel in FortiAnalyzer and FortiManager - CVE-2026-22572

 


Published: March 10, 2026


Vulnerability identifier: #VU123723
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-22572
CWE-ID: CWE-288
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
FortiAnalyzer
FortiManager
Software vendor:
Fortinet, Inc

Description

The vulnerability allows a remote attacker to bypass 2FA checks.

The vulnerability exists due to authentication bypass using an alternate path or channel in the GUI. A remote attacker with knowledge of the admin's password can bypass multifactor authentication checks by submitting multiple crafted requests and gain unauthorized access to the system.


Remediation

Install updates from vendor's website.
