CVE-2026-22629
Received Received - Intake
Race Condition in FortiAnalyzer/FortiManager Allows Brute Force Bypass

Publication date: 2026-03-10

Last updated on: 2026-03-13

Assigner: Fortinet, Inc.

Description
An improper restriction of excessive authentication attempts vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4 all versions, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4 all versions, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiAnalyzer Cloud 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4 all versions, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager 6.4 all versions, FortiManager Cloud 7.6.0 through 7.6.4, FortiManager Cloud 7.4 all versions, FortiManager Cloud 7.2 all versions, FortiManager Cloud 7.0 all versions, FortiManager Cloud 6.4 all versions may allow an attacker to bypass bruteforce protections via exploitation of race conditions. The latter raises the complexity of practical exploitation.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-10
Last Modified
2026-03-13
Generated
2026-06-16
AI Q&A
2026-03-10
EPSS Evaluated
2026-06-15
NVD
CVE-2026-22629
EUVD
EUVD-2026-10517
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
fortinet fortianalyzer From 6.4.0 (inc) to 7.6.5 (exc)
fortinet fortianalyzer_cloud From 6.4.0 (inc) to 7.6.5 (exc)
fortinet fortimanager From 6.4.0 (inc) to 7.6.5 (exc)
fortinet fortimanager_cloud From 6.4.0 (inc) to 7.6.5 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-307 The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an improper restriction of excessive authentication attempts in Fortinet FortiAnalyzer and FortiManager products and their cloud versions. It allows an attacker to bypass brute force protections by exploiting race conditions, which means the attacker can attempt multiple authentication tries without being properly blocked.

Impact Analysis

The vulnerability can allow an attacker to bypass brute force protections, potentially enabling unauthorized access attempts to the affected Fortinet devices. Although the complexity of exploitation is increased due to race conditions, successful exploitation could lead to increased risk of unauthorized access.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-22629. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart