CVE-2026-22629

3.7 LOW
Published: March 10, 2026 Modified: March 13, 2026
View on NVD

Description

An improper restriction of excessive authentication attempts vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4 all versions, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4 all versions, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiAnalyzer Cloud 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4 all versions, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager 6.4 all versions, FortiManager Cloud 7.6.0 through 7.6.4, FortiManager Cloud 7.4 all versions, FortiManager Cloud 7.2 all versions, FortiManager Cloud 7.0 all versions, FortiManager Cloud 6.4 all versions may allow an attacker to bypass bruteforce protections via exploitation of race conditions. The latter raises the complexity of practical exploitation.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://fortiguard.fortinet.com/psirt/FG-IR-26-079
Source: psirt@fortinet.com
Vendor Advisory

1 reference(s) from NVD

Quick Stats

CVSS v3 Score
3.7 / 10.0
EPSS (Exploit Probability)
0.1%
15th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-307

Affected Vendors

fortinet

Related CVEs

CVE-2026-3550 5.3
CVE-2026-33192 N/A
CVE-2026-33080 7.3
CVE-2026-33075 N/A
CVE-2026-33072 8.2