CVE-2026-22572
published 2026-03-10CVE-2026-22572: An authentication bypass using an alternate path or channel vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7…
high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
An authentication bypass using an alternate path or channel vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.2 through 7.2.11, FortiManager 7.6.0 through 7.6.3, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2.2 through 7.2.11 may allow an attacker with knowledge of the admins password to bypass multifactor authentication checks via submitting multiple crafted requests.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortianalyzer | — | — |
| fortinet | fortianalyzer | >= 7.2.2 < 7.4.8 | 7.4.8 |
| fortinet | fortianalyzer | 7.2.2 – 7.2.12 | — |
| fortinet | fortianalyzer | 7.4.0 – 7.4.7 | — |
| fortinet | fortianalyzer | >= 7.6.0 < 7.6.4 | 7.6.4 |
| fortinet | fortianalyzer | 7.6.0 – 7.6.3 | — |
| fortinet | fortimanager | — | — |
| fortinet | fortimanager | >= 7.2.2 < 7.4.8 | 7.4.8 |
| fortinet | fortimanager | 7.2.2 – 7.2.12 | — |
| fortinet | fortimanager | 7.4.0 – 7.4.7 | — |
| fortinet | fortimanager | >= 7.6.0 < 7.6.4 | 7.6.4 |
| fortinet | fortimanager | 7.6.0 – 7.6.3 | — |
| fortinet | fortimanager_cloud | >= 7.2.2 < 7.4.8 | 7.4.8 |
| fortinet | fortimanager_cloud | >= 7.6.0 < 7.6.4 | 7.6.4 |
| fortinet | fortimanagercloud | — | — |
| fortinet | fortinet | — | — |