CVE-2026-22153
Published 2026-02-10
CVE-2026-22153: An Authentication Bypass by Primary Weakness vulnerability [CWE-305] in Fortinet FortiOS 7.6.0 through 7.6.4 may allow an unauthenticated…
Priority P2 · 61 · high · CVSS 3.1 base score 8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS 0.70% (48.4th percentile)
An Authentication Bypass by Primary Weakness vulnerability [CWE-305] in Fortinet FortiOS 7.6.0 through 7.6.4 may allow an unauthenticated attacker to bypass LDAP authentication of Agentless VPN or FSSO policy, when the remote LDAP server is configured in a specific way.
Affected (4 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortinet | — | — |
| fortinet | fortios | — | — |
| fortinet | fortios | >= 7.6.0 < 7.6.5 | 7.6.5 |
| fortinet | fortios | 7.6.0 – 7.6.4 | — |
Detection & IOCs (extracted from sources)
- Monitor for unauthenticated access attempts to Agentless VPN or FSSO policy endpoints on FortiOS 7.6.0–7.6.4, which may indicate LDAP authentication bypass exploitation.
- Alert on successful VPN or FSSO authentications that do not correspond to a valid LDAP bind/response sequence from the configured remote LDAP server, since the bypass stems from a primary weakness in the authentication flow (CWE-305).
- The bypass is only triggerable when the remote LDAP server is configured in a specific (undisclosed) way; review and harden LDAP server configurations used with Agentless VPN and FSSO policies on affected FortiOS versions.
- Affected versions are FortiOS 7.6.0 through 7.6.4 only; upgrade to a fixed version (fix available as of Feb 11, 2026) to remediate.
GHSA
GHSA-p2r3-58qh-phf8 (ghsa_unreviewed · 2026-02-10): CVE-2026-22153 [HIGH], CWE-305
An Authentication Bypass by Primary Weakness vulnerability [CWE-305] in Fortinet FortiOS 7.6.0 through 7.6.4 may allow an unauthenticated attacker to bypass LDAP authentication of Agentless VPN or FSSO policy, when the remote LDAP server is configured in a specific way.
Fortinet
FG-IR-25-1052: LDAP authentication bypass in Agentless VPN and FSSO (vendor_fortinet · 2026-02-10 · CVSS 8.1)
CVE-2026-22153 [HIGH] CWE-305
An Authentication Bypass by Primary Weakness vulnerability [CWE-305] in Fortinet FortiOS 7.6.0 through 7.6.4 may allow an unauthenticated attacker to bypass LDAP authentication of Agentless VPN or FSSO policy, when the remote LDAP server is configured in a specific way.
CVEs: CVE-2026-22153
CWEs: CWE-305
CVSS: 8.1 (high)
Affected products: FortiOS, Fortinet
No detection rules found.
No public exploits indexed.
Wiz
CVE-2025-59718 Impact, Exploitability, and Mitigation Steps | Wiz (blogs_wiz · CVSS 5.8 · [MEDIUM])
## CVE-2025-59718: FortiOS vulnerability analysis and mitigation
An improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0.0 through 7.0.21, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.
Source: NVD
Score 9.8
Published December 9, 2025
Severity CRITICAL
CNA Score 9.8
Affected Technologies
FortiOS
Fortinet FortiProxy
Has Public Exploit Yes
Has CISA KEV Exploit Yes
CISA KEV
Wiz
CVE-2024-47570 Impact, Exploitability, and Mitigation Steps | Wiz (blogs_wiz · CVSS 6.6 · [MEDIUM])
## CVE-2024-47570: FortiOS vulnerability analysis and mitigation
An insertion of sensitive information into log file vulnerability [CWE-532] in FortiOS 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0 all versions; FortiProxy 7.4.0 through 7.4.3, 7.2.0 through 7.2.11; FortiPAM 1.4 all versions, 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions and FortiSRA 1.4 all versions may allow a read-only administrator to retrieve API tokens of other administrators via observing REST API logs, if REST API logging is enabled (non-default configuration).
Source: NVD
Score 6.6
Published December 9, 2025
Severity MEDIUM
CNA Score 6.6
Affected Technologies
FortiOS
Fortinet FortiProxy
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Du
Wiz
CVE-2025-62631 Impact, Exploitability, and Mitigation Steps | Wiz (blogs_wiz · CVSS 5.8 · [MEDIUM])
## CVE-2025-62631: FortiOS vulnerability analysis and mitigation
An insufficient session expiration vulnerability [CWE-613] in Fortinet FortiOS 7.4.0, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions allows an attacker to maintain access to network resources via an active SSLVPN session not terminated after a user's password change under particular conditions outside of the attacker's control.
Source: NVD
Score 5.6
Published December 9, 2025
Severity MEDIUM
CNA Score 5.6
Affected Technologies
FortiOS
Fortinet FortiProxy
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 4.9
Exploitation Probability (EPSS) N/A
Affected packages and libraries
c
Wiz
CVE-2025-62439 Impact, Exploitability, and Mitigation Steps | Wiz (blogs_wiz · CVSS 5.8 · [MEDIUM])
## CVE-2025-62439: FortiOS vulnerability analysis and mitigation
An Improper Verification of Source of a Communication Channel vulnerability [CWE-940] in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions may allow an authenticated user with knowledge of FSSO policy configurations to gain unauthorized access to protected network resources via crafted requests.
Source: NVD
Score 4.2
Published February 10, 2026
Severity MEDIUM
CNA Score 4.2
Affected Technologies
FortiOS
Fortinet FortiProxy
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.2
Exploitation Probability (EPSS) N/A
Affected packages and li
Wiz
CVE-2026-22153 Impact, Exploitability, and Mitigation Steps | Wiz (blogs_wiz · CVSS 5.8 · [MEDIUM])
## CVE-2026-22153: FortiOS vulnerability analysis and mitigation
An Authentication Bypass by Primary Weakness vulnerability [CWE-305] in Fortinet FortiOS 7.6.0 through 7.6.4 may allow an unauthenticated attacker to bypass LDAP authentication of Agentless VPN or FSSO policy, when the remote LDAP server is configured in a specific way.
Source: NVD
Score 8.1
Published February 10, 2026
Severity HIGH
CNA Score 8.1
Affected Technologies
FortiOS
Fortinet FortiProxy
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 18.3
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
cpe:2.3:o:fortinet:fortios
Sources
Linux Severity HIGH Has Fix Added at: Feb 11, 202
Wiz
CVE-2025-68686 Impact, Exploitability, and Mitigation Steps | Wiz (blogs_wiz · CVSS 5.8 · [MEDIUM])
## CVE-2025-68686: FortiOS vulnerability analysis and mitigation
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions may allow a remote unauthenticated attacker to bypass the patch developed for the symbolic link persistency mechanism observed in some post-exploit cases, via crafted HTTP requests. An attacker would first need to have compromised the product via another vulnerability, at filesystem level.
Source: NVD
Score 5.9
Published February 10, 2026
Severity MEDIUM
CNA Score 5.9
Affected Technologies
FortiOS
Fortinet FortiProxy
Has Public Exploit No
Has CISA KEV Exploit No
Wiz
CVE-2025-64157 Impact, Exploitability, and Mitigation Steps | Wiz (blogs_wiz · CVSS 5.8 · [MEDIUM])
## CVE-2025-64157: FortiOS vulnerability analysis and mitigation
A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0 all versions allows an authenticated admin to execute unauthorized code or commands via specifically crafted configuration.
Source: NVD
Score 7.2
Published February 10, 2026
Severity HIGH
CNA Score 6.7
Affected Technologies
FortiOS
Fortinet FortiProxy
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 4.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:o:fortinet:fortios
Sources
Linux Severity HIGH Has Fix Added at: Fe
Wiz
CVE-2026-24858 Impact, Exploitability, and Mitigation Steps | Wiz (blogs_wiz · CVSS 6.7 · [MEDIUM])
## CVE-2026-24858: FortiOS vulnerability analysis and mitigation
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager 7.4.0 through 7.4.9, FortiManager 7.2.0 through 7.2.11, FortiManager 7.0.0 through 7.0.15, FortiOS 7.6.0 through 7.6.5, FortiOS 7.4.0 through 7.4.10, FortiOS 7.2.0 through 7.2.12, FortiOS 7.0.0 through 7.0.18, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4.0 through 7.4.12, FortiProxy 7.2.0 through 7.2.15, FortiProxy 7.0.0 through 7.0.22, FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 ma
Wiz
CVE-2025-25249 Impact, Exploitability, and Mitigation Steps | Wiz (blogs_wiz · CVSS 8.1 · [HIGH])
## CVE-2025-25249: FortiOS vulnerability analysis and mitigation
A heap-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiOS 6.4 all versions, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows an attacker to execute unauthorized code or commands via specially crafted packets.
Source: NVD
Score 9.8
Published January 13, 2026
Severity CRITICAL
CNA Score 8.1
Affected Technologies
FortiOS
Fortinet FortiProxy
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 2.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:
Wiz
CVE-2025-55018 Impact, Exploitability, and Mitigation Steps | Wiz (blogs_wiz · CVSS 5.8 · [MEDIUM])
## CVE-2025-55018: FortiOS vulnerability analysis and mitigation
An inconsistent interpretation of HTTP requests ('HTTP request smuggling') vulnerability in Fortinet FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4.3 through 6.4.16 may allow an unauthenticated attacker to smuggle an unlogged HTTP request through the firewall policies via a specially crafted header.
Source: NVD
Score 5.8
Published February 10, 2026
Severity MEDIUM
CNA Score 5.8
Affected Technologies
FortiOS
Fortinet FortiProxy
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 22.9
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
cpe:2.3:
Wiz
CVE-2024-40593 Impact, Exploitability, and Mitigation Steps | Wiz (blogs_wiz · CVSS 6.0 · [MEDIUM])
## CVE-2024-40593: FortiOS vulnerability analysis and mitigation
A key management errors vulnerability in Fortinet FortiAnalyzer 7.4.0 through 7.4.2, FortiAnalyzer 7.2.0 through 7.2.5, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.5, FortiManager 7.0 all versions, FortiManager 6.4 all versions, FortiOS 7.6.0, FortiOS 7.4.4, FortiOS 7.2.7, FortiOS 7.0.14, FortiPortal 6.0 all versions may allow an authenticated admin to retrieve a certificate's private key via the device's admin shell.
Source: NVD
Score 4.4
Published December 11, 2025
Severity MEDIUM
CNA Score 6.0
Affected Technologies
FortiOS
Fortinet FortiProxy
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA
Published 2026-02-10