CVE-2026-22153 | THREATINT

Description

An Authentication Bypass by Primary Weakness vulnerability [CWE-305] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4 may allow an unauthenticated attacker to bypass LDAP authentication of Agentless VPN or FSSO policy, when the remote LDAP server is configured in a specific way.

PUBLISHED Reserved 2026-01-06 | Published 2026-02-10 | Updated 2026-02-11 | Assigner fortinet

HIGH: 7.5CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

Problem types

Improper access control

Product status

Default status

unaffected

7.6.0 (semver)

affected

References

fortiguard.fortinet.com/psirt/FG-IR-25-1052

cve.org (CVE-2026-22153)

nvd.nist.gov (CVE-2026-22153)

Download JSON