CVE-2026-25815Use of Default Cryptographic Key in Fortinet Fortios

CWE-1394Use of Default Cryptographic Key4 documents4 sources
Severity
3.2LOWNVD
EPSS
0.0%
top 99.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Fortinet Fortios
Timeline
PublishedFeb 5
Latest updateFeb 6

Description

Fortinet FortiOS through 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in the wild from 2025-12-16 through 2026 (by default, the encryption key is the same across all customers' installations). NOTE: the Supplier's position is that the instance of CWE-1394 is not a vulnerability because customers "are supposed to enable" a non-default option that eliminates the weakness. However, that non-default option can disrupt functionality as shown in

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:NExploitability: 1.4 | Impact: 1.4

Affected Packages1 packages

CVEListV5fortinet/fortios7.6.6

🔴Vulnerability Details

3
GHSA
GHSA-867w-ffwp-rh44: Fortinet FortiOS through 72026-02-06
CVEList
CVE-2026-25815: Fortinet FortiOS through 72026-02-05
VulnCheck
Fortinet FortiOS LDAP Credentials Disclosure2026
CVE-2026-25815 — Use of Default Cryptographic Key | cvebase