CVE-2026-22572

CWE-2885 documents5 sources

Severity

7.2HIGH

EPSS

0.1%

top 73.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortianalyzer Fortinet Fortimanager Fortinet Fortimanager Cloud

Timeline

PublishedMar 10

Description

An authentication bypass using an alternate path or channel vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.2 through 7.2.11, FortiManager 7.6.0 through 7.6.3, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2.2 through 7.2.11 may allow an attacker with knowledge of the admins password to bypass multifactor authentication checks via submitting multiple crafted requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages5 packages

▶NVDfortinet/fortimanager7.2.2 — 7.4.8+1

▶NVDfortinet/fortianalyzer7.2.2 — 7.4.8+1

▶NVDfortinet/fortimanager_cloud7.2.2 — 7.4.8+1

▶CVEListV5fortinet/fortimanager7.6.0 — 7.6.3+2

▶CVEListV5fortinet/fortianalyzer7.6.0 — 7.6.3+2

🔴Vulnerability Details

CVEList

CVE-2026-22572: An authentication bypass using an alternate path or channel vulnerability in Fortinet FortiAnalyzer 7↗2026-03-10

▶

GHSA

GHSA-x29j-xwrc-hxr3: An authentication bypass using an alternate path or channel vulnerability in Fortinet FortiAnalyzer 7↗2026-03-10

▶

📋Vendor Advisories

Fortinet

MFA Bypass in GUI↗2026-03-10

▶

🕵️Threat Intelligence

Wiz

CVE-2026-22572 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶