← Back to home
wid-sec-w-2026-0671  ·  Published 2026-03-10  ·  View on BSI CERT-Bund ↗

Fortinet FortiAnalyzer and FortiManager: Multiple Vulnerabilities

CVSS 7.2 HIGH

Risk Summary

An authentication bypass using an alternate path or channel vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.2 through 7.2.11, FortiManager 7.6.0 through 7.6.3, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2.2 through 7.2.11 may allow an attacker with knowledge of the admins password to bypass multifactor authentication checks via submitting multiple crafted requests.

CVEs (5)

Affected Vendors

Fortinet

Affected Products (24)

Fortinet · FortiAnalyzer <7.0.15
Fortinet · FortiAnalyzer 7.0.15
Fortinet · FortiAnalyzer <7.4.9
Fortinet · FortiAnalyzer 7.4.9
Fortinet · FortiAnalyzer <7.4.8
Fortinet · FortiAnalyzer 7.4.8
Fortinet · FortiAnalyzer <7.6.4
Fortinet · FortiAnalyzer 7.6.4
Fortinet · FortiAnalyzer <7.6.5
Fortinet · FortiAnalyzer 7.6.5
Fortinet · FortiAnalyzer <7.2.11
Fortinet · FortiAnalyzer 7.2.11
Fortinet · FortiManager <7.0.15
Fortinet · FortiManager 7.0.15
Fortinet · FortiManager <7.4.8
Fortinet · FortiManager 7.4.8
Fortinet · FortiManager <7.6.4
Fortinet · FortiManager 7.6.4
Fortinet · FortiManager <7.2.11
Fortinet · FortiManager 7.2.11
Fortinet · FortiManager <7.4.9
Fortinet · FortiManager 7.4.9
Fortinet · FortiManager <7.6.5
Fortinet · FortiManager 7.6.5

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more