CVE-2026-22572

Authentication Bypass via Crafted Requests on FortiAnalyzer and FortiManager

Description

An authentication bypass using an alternate path or channel vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.2 through 7.2.11, FortiManager 7.6.0 through 7.6.3, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2.2 through 7.2.11 may allow an attacker with knowledge of the admins password to bypass multifactor authentication checks via submitting multiple crafted requests.

INFO

Published Date :

2026-03-10T16:44:16.080Z

Last Modified :

2026-03-13T19:56:38.713Z

Source :

fortinet

AFFECTED PRODUCTS

The following products are affected by CVE-2026-22572 vulnerability.

Vendors	Products
Fortinet	Fortianalyzer Fortianalyzercloud Fortimanager Fortimanager Cloud Fortimanagercloud

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-22572.

URL	Resource
https://fortiguard.fortinet.com/psirt/FG-IR-26-090

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact