CVE-2026-22629

CWE-3075 documents5 sources

Severity

3.7LOW

EPSS

0.1%

top 82.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortianalyzer Fortinet Fortianalyzer Cloud Fortinet Fortimanager +1 more

Timeline

PublishedMar 10

Description

An improper restriction of excessive authentication attempts vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4 all versions, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4 all versions, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiAnalyzer Cloud 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4 all ve…

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.2 | Impact: 1.4

Affected Packages8 packages

▶NVDfortinet/fortimanager_cloud6.4.0 — 7.6.5

▶NVDfortinet/fortianalyzer_cloud6.4.0 — 7.6.5

▶CVEListV5fortinet/fortimanager_cloud7.6.2 — 7.6.3+4

▶CVEListV5fortinet/fortianalyzer_cloud7.4.1 — 7.4.7+4

▶NVDfortinet/fortimanager6.4.0 — 7.6.5

🔴Vulnerability Details

CVEList

CVE-2026-22629: An improper restriction of excessive authentication attempts vulnerability in Fortinet FortiAnalyzer 7↗2026-03-10

▶

GHSA

GHSA-qwch-jrh6-94wh: An improper restriction of excessive authentication attempts vulnerability in Fortinet FortiAnalyzer 7↗2026-03-10

▶

📋Vendor Advisories

Fortinet

Authentication Lockout Bypass via Race Condition↗2026-03-10

▶

🕵️Threat Intelligence

Wiz

CVE-2026-22629 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶