CVE-2026-22153
Published: 10 February 2026
Summary
CVE-2026-22153 is a high-severity Authentication Bypass by Primary Weakness (CWE-305) vulnerability in Fortinet FortiOS. Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The vulnerability ranks at the 22.9th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-17 (Remote Access).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): Mandates timely identification, reporting, and remediation of system flaws, directly addressing this FortiOS LDAP authentication bypass by requiring patching of affected versions.
- IA-2 (Identification and Authentication (Organizational Users)): Requires robust identification and authentication for organizational users, mitigating authentication bypass risks in LDAP for Agentless VPN and FSSO, though it does not fix the specific software flaw.
- AC-17 (Remote Access): Establishes authorization and restrictions for remote access, including Agentless VPN, limiting the extent to which the LDAP authentication bypass can be turned into unauthorized network access.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
An authentication bypass vulnerability in a public-facing FortiOS VPN/FSSO service directly enables remote exploitation for unauthorized access (Exploit Public-Facing Application, T1190) and abuse of external remote services (External Remote Services, T1133).
NVD Description
An Authentication Bypass by Primary Weakness vulnerability [CWE-305] in Fortinet FortiOS 7.6.0 through 7.6.4 may allow an unauthenticated attacker to bypass LDAP authentication of Agentless VPN or FSSO policy, when the remote LDAP server is configured in a specific way.
Deeper analysis
CVE-2026-22153 is an Authentication Bypass by Primary Weakness vulnerability (CWE-305) in Fortinet FortiOS versions 7.6.0 through 7.6.4. The issue affects LDAP authentication for Agentless VPN or FSSO policy when the remote LDAP server is configured in a specific way, potentially allowing unauthenticated attackers to bypass authentication controls. It carries a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high severity with network accessibility but high attack complexity.
An unauthenticated attacker can exploit this vulnerability over the network without privileges or user interaction, provided the required specific LDAP server configuration exists; the high attack complexity (AC:H) in the vector reflects this configuration precondition. Successful exploitation bypasses LDAP authentication, enabling unauthorized access through Agentless VPN or FSSO policies and resulting in high impacts to confidentiality, integrity, and availability.
Mitigation details are available in the Fortinet PSIRT advisory at https://fortiguard.fortinet.com/psirt/FG-IR-25-1052.
Details
- CWE(s): CWE-305 (Authentication Bypass by Primary Weakness)