
FortiWeb: Attackers Can Send Many Login Attempts Without Being Blocked

CVE-2026-24017
Summary

A security issue in FortiWeb versions 8.0.0 to 8.0.2, versions 7.6.0 to 7.6.5, and other older versions could allow an attacker to try to guess passwords many times without being blocked. This could make it easier for attackers to guess a correct password. Fortinet FortiWeb should be updated to the latest version to fix this issue.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| fortinet | fortiweb | > 7.0.0, <= 7.0.12 | |
| fortinet | fortiweb | > 7.2.0, <= 7.2.12 | |
| fortinet | fortiweb | > 7.4.0, <= 7.4.11 | |
| fortinet | fortiweb | > 7.6.0, <= 7.6.6 | |
| fortinet | fortiweb | > 8.0.0, <= 8.0.3 | |
Original title
An Improper Control of Interaction Frequency vulnerability [CWE-799] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7....
Original description
An Improper Control of Interaction Frequency vulnerability [CWE-799] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow a remote unauthenticated attacker to bypass the authentication rate-limit via crafted requests. The success of the attack depends on the attacker's resources and the password target complexity.
NVD CVSS 3.1 score: 8.1
Vulnerability type
CWE-799
Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026