PT-2026-24242 · Fortinet · FortiAnalyzer +3
Published: 2026-03-10 · Updated: 2026-03-17 · CVE-2026-22629
CVSS v3.1: 3.7 (Low)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Fortinet FortiAnalyzer versions 6.4 through 7.6.4
Fortinet FortiManager versions 6.4 through 7.6.4
Fortinet FortiAnalyzer Cloud versions 6.4 through 7.6.4
Fortinet FortiManager Cloud versions 6.4 through 7.6.4
Description
The affected products do not sufficiently restrict excessive authentication attempts. An attacker can bypass the brute-force protections by exploiting race conditions. The reliance on race conditions increases the complexity of practical exploitation.
Recommendations
Fortinet FortiAnalyzer versions 6.4 through 7.6.4: Update to a newer version that addresses this issue.
Fortinet FortiManager versions 6.4 through 7.6.4: Update to a newer version that addresses this issue.
Fortinet FortiAnalyzer Cloud versions 6.4 through 7.6.4: Update to a newer version that addresses this issue.
Fortinet FortiManager Cloud versions 6.4 through 7.6.4: Update to a newer version that addresses this issue.
Weakness Enumeration
Improper Restriction of Excessive Authentication Attempts
Affected Products
FortiAnalyzer
FortiAnalyzer Cloud
FortiManager
FortiManager Cloud