
CVE-2026-22572

Severity: High
Published: 10 March 2026
Modified: 16 March 2026
CVSS Score (v3.1): 7.2, vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score: 0.0013 (32.0th percentile)
Risk Priority: 14 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-22572 is a high-severity Authentication Bypass Using an Alternate Path or Channel (CWE-288) vulnerability in Fortinet FortiAnalyzer. Its CVSS base score is 7.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 32.0th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-2 (Identification and Authentication (Organizational Users)).

Deeper analysis

CVE-2026-22572 is an authentication bypass vulnerability using an alternate path or channel, classified under CWE-288. It affects Fortinet FortiAnalyzer versions 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, and 7.2.2 through 7.2.11, as well as FortiManager in the same version ranges. The issue enables an attacker with knowledge of an admin's password to bypass multifactor authentication checks by submitting multiple crafted requests, as disclosed on March 10, 2026.

The vulnerability has a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H), indicating network-accessible exploitation with low complexity but requiring high privileges. An attacker who already knows the admin password can leverage crafted requests to evade MFA, achieving high confidentiality, integrity, and availability impacts, such as unauthorized administrative access to the FortiAnalyzer or FortiManager instances.

Fortinet's PSIRT advisory FG-IR-26-090 at https://fortiguard.fortinet.com/psirt/FG-IR-26-090 provides further details on the vulnerability, including mitigation steps and available patches.


Vulnerability details

An authentication bypass using an alternate path or channel vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.2 through 7.2.11, FortiManager 7.6.0 through 7.6.3, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2.2 through 7.2.11 may allow an attacker with knowledge of the admin's password to bypass multifactor authentication checks via submitting multiple crafted requests.


Related Threats

MITRE ATT&CK Enterprise Techniques

- T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
- T1556.006 Multi-Factor Authentication (Defense Impairment): Adversaries may disable or modify multi-factor authentication (MFA) mechanisms to enable persistent access to compromised accounts.

Why these techniques?

This CVE enables remote authentication bypass on public-facing Fortinet appliances via an alternate path, directly facilitating T1190 exploitation and T1556.006 MFA evasion when the attacker already holds valid credentials.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

- CVE-2024-35276 (same product: Fortinet FortiAnalyzer)
- CVE-2025-61848 (same product: Fortinet FortiAnalyzer)
- CVE-2024-50563 (same product: Fortinet FortiAnalyzer)
- CVE-2024-36512 (same product: Fortinet FortiAnalyzer)
- CVE-2024-35277 (same product: Fortinet FortiManager)
- CVE-2024-33502 (same product: Fortinet FortiAnalyzer)
- CVE-2024-40584 (same product: Fortinet FortiAnalyzer)
- CVE-2024-50566 (same product: Fortinet FortiManager)
- CVE-2025-24472 (same vendor: Fortinet)
- CVE-2024-55591 (same vendor: Fortinet)

Affected Assets

- Fortinet FortiAnalyzer: 7.2.2 — 7.4.8 · 7.6.0 — 7.6.4
- Fortinet FortiManager: 7.2.2 — 7.4.8 · 7.6.0 — 7.6.4
- Fortinet FortiManager Cloud: 7.2.2 — 7.4.8 · 7.6.0 — 7.6.4

Mitigating Controls (NIST 800-53 r5)

- IA-2 Identification and Authentication (Organizational Users), prevent: Directly requires multi-factor authentication for organizational users and therefore blocks the MFA bypass path described in CVE-2026-22572.
- AC-3 Access Enforcement, prevent: Enforces access decisions only after successful completion of all required authentication factors, stopping the alternate-path bypass that lets an attacker with a password evade MFA.
- Prevent: Adaptive authentication can detect and reject the anomalous sequence of crafted requests used to bypass MFA checks in this vulnerability.
