3.7
Fortinet FortiAnalyzer and FortiManager: Easy Password Guessing
CVE-2026-22629
Summary
Fortinet's FortiAnalyzer and FortiManager products have a weakness in how they restrict repeated authentication attempts. By exploiting race conditions, an attacker can bypass the brute-force protections and try many passwords in quick succession, potentially guessing a user's password even if it is difficult to crack. This affects multiple versions of the software, including those used in cloud environments. Fortinet recommends applying the latest security patches to address this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| fortinet | fortianalyzer | > 6.4.0, <= 7.6.5 | – |
| fortinet | fortianalyzer_cloud | > 6.4.0, <= 7.6.5 | – |
| fortinet | fortimanager | > 6.4.0, <= 7.6.5 | – |
| fortinet | fortimanager_cloud | > 6.4.0, <= 7.6.5 | – |
Original title
An improper restriction of excessive authentication attempts vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4 all versions, FortiAnalyzer 7.2 all versions, FortiAnalyz...
Original description
An improper restriction of excessive authentication attempts vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4 all versions, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4 all versions, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiAnalyzer Cloud 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4 all versions, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager 6.4 all versions, FortiManager Cloud 7.6.0 through 7.6.4, FortiManager Cloud 7.4 all versions, FortiManager Cloud 7.2 all versions, FortiManager Cloud 7.0 all versions, FortiManager Cloud 6.4 all versions may allow an attacker to bypass bruteforce protections via exploitation of race conditions. The latter raises the complexity of practical exploitation.
nvd CVSS3.1
3.7
Vulnerability type
CWE-307
Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026