Description
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager 7.4.0 through 7.4.9, FortiManager 7.2.0 through 7.2.11, FortiManager 7.0.0 through 7.0.15, FortiOS 7.6.0 through 7.6.5, FortiOS 7.4.0 through 7.4.10, FortiOS 7.2.0 through 7.2.12, FortiOS 7.0.0 through 7.0.18, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4.0 through 7.4.12, FortiProxy 7.2.0 through 7.2.15, FortiProxy 7.0.0 through 7.0.22, FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.
Published: 2026-01-27
Score: 9.4 Critical
EPSS: 2.3% Low
KEV: Yes
Impact: Authentication bypass using an alternate path allowing unauthorized device access across Fortinet products
Action: Immediate Patch
AI Analysis

Impact

An Authentication Bypass Using an Alternate Path or Channel vulnerability (CWE-288) exists in multiple Fortinet products. The flaw allows an attacker who holds a valid FortiCloud account and has a registered device to authenticate to other devices registered under different accounts when FortiCloud SSO is enabled, effectively bypassing normal authentication controls and granting full administrative access to those systems.

Affected Systems

Affected products include FortiAnalyzer (versions 7.0.0–7.6.5, 7.4.0–7.4.9, 7.2.0–7.2.11), FortiManager (7.0.0–7.6.5, 7.4.0–7.4.9, 7.2.0–7.2.11), FortiOS (7.0.0–7.6.5, 7.4.0–7.4.10, 7.2.0–7.2.12), FortiProxy (7.0.0–7.6.4, 7.4.0–7.4.12, 7.2.0–7.2.15), and FortiWeb (7.4.0–7.4.11, 7.6.0–7.6.6, 8.0.0–8.0.3).

Risk and Exploitability

The vulnerability has a CVSS score of 9.4 and an EPSS score of 2%, indicating a high severity and a moderate likelihood of exploitation at the time of analysis. It is listed in the CISA KEV catalog, signifying that known exploits exist. Exploitation requires the attacker to have a FortiCloud account and a registered device; the attack vector is remote, relying on the FortiCloud SSO authentication path used by the affected devices. Successful exploitation grants the attacker full control over the compromised device, potentially expanding reach to other network assets.

Generated by OpenCVE AI on April 16, 2026 at 07:16 UTC.

Remediation

Vendor Solution

Upgrade to upcoming FortiOS version 8.0.0 or above Upgrade to FortiOS version 7.6.6 or above Upgrade to FortiOS version 7.4.11 or above Upgrade to FortiOS version 7.2.13 or above Upgrade to FortiOS version 7.0.19 or above Upgrade to upcoming FortiManager version 8.0.0 or above Upgrade to FortiManager version 7.6.6 or above Upgrade to FortiManager version 7.4.10 or above Upgrade to FortiManager version 7.2.12 or above Upgrade to FortiManager version 7.0.16 or above Upgrade to FortiAnalyzer version 7.6.6 or above Upgrade to FortiAnalyzer version 7.4.10 or above Upgrade to FortiAnalyzer version 7.2.12 or above Upgrade to FortiAnalyzer version 7.0.16 or above Upgrade to FortiProxy version 7.6.5 or above Upgrade to FortiProxy version 7.4.13 or above Upgrade to FortiProxy version 7.2.16 or above Upgrade to FortiProxy version 7.0.23 or above Upgrade to FortiWeb version 8.0.4 or above Upgrade to FortiWeb version 7.6.7 or above Upgrade to FortiWeb version 7.4.12 or above Upgrade to FortiNAC-F version 7.6.6 or above Upgrade to FortiSwitchManager version 7.2.9 or above Upgrade to FortiSwitchManager version 7.0.8 or above

OpenCVE Recommended Actions

  • Upgrade all Fortinet devices to the latest available firmware: FortiAnalyzer 7.6.6 or later, FortiManager 7.6.6 or later, FortiOS 8.0.0 or later, FortiProxy 7.6.5 or later, and FortiWeb 8.0.4 or later as recommended by the vendor.
  • If immediate upgrade is not feasible, disable the FortiCloud SSO feature on all devices that require it, or restrict its usage to trusted accounts only.
  • Implement device registration restrictions and monitor authentication logs for suspicious SSO logins, ensuring that only authorized devices and accounts can establish SSO sessions.

Generated by OpenCVE AI on April 16, 2026 at 07:16 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 07:45:00 +0000

Type Values Removed Values Added
Title Fortinet Authentication Bypass via Alternate Path Allows Unauthorized Device Access

Thu, 29 Jan 2026 10:00:00 +0000

Type Values Removed Values Added
Description An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager 7.4.0 through 7.4.9, FortiManager 7.2.0 through 7.2.11, FortiManager 7.0.0 through 7.0.15, FortiOS 7.6.0 through 7.6.5, FortiOS 7.4.0 through 7.4.10, FortiOS 7.2.0 through 7.2.12, FortiOS 7.0.0 through 7.0.18, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4.0 through 7.4.12, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions, FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices. An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager 7.4.0 through 7.4.9, FortiManager 7.2.0 through 7.2.11, FortiManager 7.0.0 through 7.0.15, FortiOS 7.6.0 through 7.6.5, FortiOS 7.4.0 through 7.4.10, FortiOS 7.2.0 through 7.2.12, FortiOS 7.0.0 through 7.0.18, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4.0 through 7.4.12, FortiProxy 7.2.0 through 7.2.15, FortiProxy 7.0.0 through 7.0.22, FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.

Wed, 28 Jan 2026 16:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*

Wed, 28 Jan 2026 14:30:00 +0000

Type Values Removed Values Added
Description An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager 7.4.0 through 7.4.9, FortiManager 7.2.0 through 7.2.11, FortiManager 7.0.0 through 7.0.15, FortiOS 7.6.0 through 7.6.5, FortiOS 7.4.0 through 7.4.10, FortiOS 7.2.0 through 7.2.12, FortiOS 7.0.0 through 7.0.18 may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices. An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager 7.4.0 through 7.4.9, FortiManager 7.2.0 through 7.2.11, FortiManager 7.0.0 through 7.0.15, FortiOS 7.6.0 through 7.6.5, FortiOS 7.4.0 through 7.4.10, FortiOS 7.2.0 through 7.2.12, FortiOS 7.0.0 through 7.0.18, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4.0 through 7.4.12, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions, FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.
First Time appeared Fortinet fortiproxy
Fortinet fortiweb
CPEs cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.20:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.21:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.22:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.2.12:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.2.13:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.2.14:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.2.15:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.4.10:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.4.11:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.4.12:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.4.5:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.4.6:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.4.7:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.4.8:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.4.9:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.6.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.6.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.6.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.6.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.6.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiweb:7.4.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiweb:7.4.10:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiweb:7.4.11:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiweb:7.4.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiweb:7.4.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiweb:7.4.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiweb:7.4.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiweb:7.4.5:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiweb:7.4.6:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiweb:7.4.7:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiweb:7.4.8:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiweb:7.4.9:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiweb:7.6.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiweb:7.6.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiweb:7.6.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiweb:7.6.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiweb:7.6.5:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiweb:7.6.6:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiweb:8.0.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiweb:8.0.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiweb:8.0.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiweb:8.0.3:*:*:*:*:*:*:*
Vendors & Products Fortinet fortiproxy
Fortinet fortiweb

Tue, 27 Jan 2026 22:15:00 +0000

Type Values Removed Values Added
References

Tue, 27 Jan 2026 21:45:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2026-01-27T00:00:00+00:00', 'dueDate': '2026-01-30T00:00:00+00:00'}

Tue, 27 Jan 2026 21:15:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

 ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 27 Jan 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 27 Jan 2026 19:30:00 +0000

Type Values Removed Values Added
Description An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager 7.4.0 through 7.4.9, FortiManager 7.2.0 through 7.2.11, FortiManager 7.0.0 through 7.0.15, FortiOS 7.6.0 through 7.6.5, FortiOS 7.4.0 through 7.4.10, FortiOS 7.2.0 through 7.2.12, FortiOS 7.0.0 through 7.0.18 may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.
First Time appeared Fortinet
Fortinet fortianalyzer
Fortinet fortimanager
Fortinet fortios
Weaknesses CWE-288
CPEs cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.13:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.14:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.15:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.2.10:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.2.11:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.2.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.2.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.2.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.2.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.4.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.4.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.4.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.4.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.4.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.4.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.4.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.6.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.6.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.6.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.6.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.6.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.6.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.14:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.15:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.2.10:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.2.11:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.2.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.2.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.2.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.2.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.4.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.4.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.4.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.4.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.4.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.4.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.6.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.6.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.6.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.6.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.6.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.6.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.12:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.4.10:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.4.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.4.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.4.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.6.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.6.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.6.5:*:*:*:*:*:*:*
Vendors & Products Fortinet
Fortinet fortianalyzer
Fortinet fortimanager
Fortinet fortios
References
Metrics cvssV3_1

{'score': 9.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C'}

Subscriptions

Fortinet Fortianalyzer Fortimanager Fortios Fortiproxy Fortiweb
cve-icon MITRE

Status: PUBLISHED

Assigner: fortinet

Published:

Updated: 2026-03-23T17:23:13.215Z

Reserved: 2026-01-27T15:11:02.057Z

Link: CVE-2026-24858

cve-icon Vulnrichment

Updated: 2026-01-27T19:30:19.472Z

cve-icon NVD

Status : Analyzed

Published: 2026-01-27T20:16:24.477

Modified: 2026-01-29T13:16:51.047

Link: CVE-2026-24858

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T07:30:28Z

Weaknesses