Cyber Resilience

CVE-2026-2624

Critical · Updated

Published: 25 February 2026

Modified: 06 June 2026
KEV Added
Patch
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0219 (80.2th percentile)
Risk Priority: 70 (floored blend · peak EPSS)

Summary

CVE-2026-2624 is a critical-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Epati Antikor Next Generation Firewall. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 19.8% of CVEs by exploit likelihood, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-2 (Identification and Authentication (Organizational Users)).

Deeper analysis

CVE-2026-2624 is a missing authentication for critical function vulnerability, tracked as CWE-306, that permits authentication bypass in ePati Cyber Security Technologies Inc. Antikor Next Generation Firewall. The flaw affects versions from 2.0.1298 up to but not including 2.0.1301 and carries a CVSS 3.1 base score of 9.8.

An unauthenticated attacker with network access can exploit the issue to bypass authentication controls entirely, resulting in full compromise of confidentiality, integrity, and availability on the affected firewall appliance.

Official advisories addressing the vulnerability have been published by Turkish government security organizations and are available at the referenced USOM and Siberguvenlik URLs. The EPSS score has remained flat at 0.0326 with no material increase observed after disclosure.

Vulnerability details

Missing Authentication for Critical Function vulnerability in ePati Cyber Security Technologies Inc. Antikor Next Generation Firewall (NGFW) allows Authentication Bypass. This issue affects Antikor Next Generation Firewall (NGFW): from v.2.0.1298 before v.2.0.1301.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Missing authentication on a critical function of a public-facing NGFW directly enables remote exploitation of the management interface without credentials, matching T1190 for initial access and full device compromise.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-4810: Shared CWE-306
CVE-2025-53847: Shared CWE-306
CVE-2025-61757: Shared CWE-306
CVE-2025-68715: Shared CWE-306
CVE-2026-21992: Shared CWE-306
CVE-2025-26362: Shared CWE-306
CVE-2026-48692: Shared CWE-306
CVE-2022-50981: Shared CWE-306
CVE-2025-58083: Shared CWE-306
CVE-2025-21515: Shared CWE-306

Affected Assets

Vendor: epati
Product: antikor next generation firewall
Versions: 2.0.1298 — 2.0.1301

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly enforces approved authorizations on critical functions, blocking the authentication-bypass path described in CVE-2026-2624.

prevent

Mandates identification and authentication of users before any access to the firewall's management or data-plane functions, eliminating the missing-authentication condition.

prevent

Requires services and devices to mutually authenticate, addressing the unauthenticated network access vector that leads to full compromise of the NGFW.

References