PT-2026-24239 · Fortinet · Fortianalyzer+2
Published: 2026-03-10 · Updated: 2026-03-18 · CVE-2026-22572
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Fortinet FortiAnalyzer versions 7.2.2 through 7.6.3
Fortinet FortiManager versions 7.2.2 through 7.6.3
Fortinet FortiManager Cloud versions 7.2.2 through 7.6.3
Description
This issue is an authentication bypass that uses an alternate path or channel. An attacker with knowledge of the administrator's password may be able to bypass multifactor authentication checks by submitting multiple crafted requests. The vulnerability affects Fortinet FortiAnalyzer and FortiManager products.
Recommendations
FortiAnalyzer versions 7.2.2 through 7.6.3 should be updated.
FortiManager versions 7.2.2 through 7.6.3 should be updated.
FortiManager Cloud versions 7.2.2 through 7.6.3 should be updated.
Fix
Authentication Bypass Using an Alternate Path or Channel
Weakness Enumeration
Related Identifiers
Affected Products
FortiAnalyzer
FortiManager
FortiManager Cloud