Vulnerability Details CVE-2026-22572
An authentication bypass using an alternate path or channel vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.2 through 7.2.11, FortiManager 7.6.0 through 7.6.3, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2.2 through 7.2.11 may allow an attacker with knowledge of the admins password to bypass multifactor authentication checks via submitting multiple crafted requests.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 24.5%
CVSS Severity
CVSS v3 Score 7.2
Products affected by CVE-2026-22572
-
cpe:2.3:a:fortinet:fortianalyzer:7.2.10
-
cpe:2.3:a:fortinet:fortianalyzer:7.2.11
-
cpe:2.3:a:fortinet:fortianalyzer:7.2.2
-
cpe:2.3:a:fortinet:fortianalyzer:7.2.3
-
cpe:2.3:a:fortinet:fortianalyzer:7.2.4
-
cpe:2.3:a:fortinet:fortianalyzer:7.2.5
-
cpe:2.3:a:fortinet:fortianalyzer:7.2.6
-
cpe:2.3:a:fortinet:fortianalyzer:7.2.7
-
cpe:2.3:a:fortinet:fortianalyzer:7.2.8
-
cpe:2.3:a:fortinet:fortianalyzer:7.2.9
-
cpe:2.3:a:fortinet:fortianalyzer:7.4.0
-
cpe:2.3:a:fortinet:fortianalyzer:7.4.1
-
cpe:2.3:a:fortinet:fortianalyzer:7.4.2
-
cpe:2.3:a:fortinet:fortianalyzer:7.4.3
-
cpe:2.3:a:fortinet:fortianalyzer:7.4.4
-
cpe:2.3:a:fortinet:fortianalyzer:7.4.5
-
cpe:2.3:a:fortinet:fortianalyzer:7.4.6
-
cpe:2.3:a:fortinet:fortianalyzer:7.4.7
-
cpe:2.3:a:fortinet:fortianalyzer:7.6.0
-
cpe:2.3:a:fortinet:fortianalyzer:7.6.1
-
cpe:2.3:a:fortinet:fortianalyzer:7.6.2
-
cpe:2.3:a:fortinet:fortianalyzer:7.6.3
-
cpe:2.3:a:fortinet:fortimanager:7.2.10
-
cpe:2.3:a:fortinet:fortimanager:7.2.11
-
cpe:2.3:a:fortinet:fortimanager:7.2.2
-
cpe:2.3:a:fortinet:fortimanager:7.2.3
-
cpe:2.3:a:fortinet:fortimanager:7.2.4
-
cpe:2.3:a:fortinet:fortimanager:7.2.5
-
cpe:2.3:a:fortinet:fortimanager:7.2.6
-
cpe:2.3:a:fortinet:fortimanager:7.2.7
-
cpe:2.3:a:fortinet:fortimanager:7.2.8
-
cpe:2.3:a:fortinet:fortimanager:7.2.9
-
cpe:2.3:a:fortinet:fortimanager:7.4.0
-
cpe:2.3:a:fortinet:fortimanager:7.4.1
-
cpe:2.3:a:fortinet:fortimanager:7.4.2
-
cpe:2.3:a:fortinet:fortimanager:7.4.3
-
cpe:2.3:a:fortinet:fortimanager:7.4.4
-
cpe:2.3:a:fortinet:fortimanager:7.4.5
-
cpe:2.3:a:fortinet:fortimanager:7.4.6
-
cpe:2.3:a:fortinet:fortimanager:7.4.7
-
cpe:2.3:a:fortinet:fortimanager:7.6.0
-
cpe:2.3:a:fortinet:fortimanager:7.6.1
-
cpe:2.3:a:fortinet:fortimanager:7.6.2
-
cpe:2.3:a:fortinet:fortimanager:7.6.3
-
cpe:2.3:a:fortinet:fortimanager_cloud:7.2.10
-
cpe:2.3:a:fortinet:fortimanager_cloud:7.2.11
-
cpe:2.3:a:fortinet:fortimanager_cloud:7.2.2
-
cpe:2.3:a:fortinet:fortimanager_cloud:7.2.3
-
cpe:2.3:a:fortinet:fortimanager_cloud:7.2.4
-
cpe:2.3:a:fortinet:fortimanager_cloud:7.2.5
-
cpe:2.3:a:fortinet:fortimanager_cloud:7.2.6
-
cpe:2.3:a:fortinet:fortimanager_cloud:7.2.7
-
cpe:2.3:a:fortinet:fortimanager_cloud:7.2.8
-
cpe:2.3:a:fortinet:fortimanager_cloud:7.2.9
-
cpe:2.3:a:fortinet:fortimanager_cloud:7.4.0
-
cpe:2.3:a:fortinet:fortimanager_cloud:7.4.1
-
cpe:2.3:a:fortinet:fortimanager_cloud:7.4.2
-
cpe:2.3:a:fortinet:fortimanager_cloud:7.4.3
-
cpe:2.3:a:fortinet:fortimanager_cloud:7.4.4
-
cpe:2.3:a:fortinet:fortimanager_cloud:7.4.5
-
cpe:2.3:a:fortinet:fortimanager_cloud:7.4.6
-
cpe:2.3:a:fortinet:fortimanager_cloud:7.4.7
-
cpe:2.3:a:fortinet:fortimanager_cloud:7.6.0
-
cpe:2.3:a:fortinet:fortimanager_cloud:7.6.1
-
cpe:2.3:a:fortinet:fortimanager_cloud:7.6.2