Description
An authentication bypass using an alternate path or channel vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.2 through 7.2.11, FortiManager 7.6.0 through 7.6.3, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2.2 through 7.2.11 may allow an attacker with knowledge of the admins password to bypass multifactor authentication checks via submitting multiple crafted requests.
References (1)
Core 1
Core References
Various Sources
https://fortiguard.fortinet.com/psirt/FG-IR-26-090
Scores
CVSS v3
7.2
EPSS
0.0056
EPSS Percentile
42.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-288
Status
published
Products (3)
fortinet/fortianalyzer
7.2.2 - 7.4.8
fortinet/fortimanager
7.2.2 - 7.4.8
fortinet/fortimanager_cloud
7.2.2 - 7.4.8
Published
Mar 10, 2026
Tracked Since
Mar 11, 2026