CVSS score: 7.2

Fortinet FortiAnalyzer and FortiManager: Password Bypass After Multiple Requests

CVE-2026-22572
Summary

Certain versions of Fortinet's FortiAnalyzer and FortiManager software have a security weakness that could allow an attacker who knows the administrator's password to bypass two-factor authentication by submitting multiple crafted requests. This could give the attacker unauthorized access to the system. Fortinet recommends updating to the latest version to fix this issue.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
Vendor | Product | Affected versions | Fix available
fortinet | fortianalyzer | > 7.2.2, <= 7.4.8 |
fortinet | fortianalyzer | > 7.6.0, <= 7.6.4 |
fortinet | fortimanager | > 7.2.2, <= 7.4.8 |
fortinet | fortimanager | > 7.6.0, <= 7.6.4 |
fortinet | fortimanager_cloud | > 7.2.2, <= 7.4.8 |
fortinet | fortimanager_cloud | > 7.6.0, <= 7.6.4 |
Original title
An authentication bypass using an alternate path or channel vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.2 through 7.2.11, Forti...
Original description
An authentication bypass using an alternate path or channel vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.2 through 7.2.11, FortiManager 7.6.0 through 7.6.3, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2.2 through 7.2.11, FortiManager Cloud 7.6.0 through 7.6.3, FortiManager Cloud 7.4.0 through 7.4.7, FortiManager Cloud 7.2.2 through 7.2.10 may allow an attacker with knowledge of the admin's password to bypass multifactor authentication checks via submitting multiple crafted requests.
NVD CVSS 3.1: 7.2
Vulnerability type
CWE-288 Authentication Bypass Using Alternate Path
Published: 10 Mar 2026 · Updated: 14 Mar 2026 · First seen: 11 Mar 2026