Improper Authentication Attempt Restrictions in Fortinet FortiAnalyzer and FortiManager
CVE-2026-22629

3.4LOW

Key Information:

Vendor: Fortinet
Status: Fortianalyzer; Fortianalyzer Cloud; Fortimanager; Fortimanager Cloud
Vendor: CVE Published:; 10 March 2026

What is CVE-2026-22629?

A vulnerability exists within Fortinet FortiAnalyzer and FortiManager products that improperly restricts excessive authentication attempts. This flaw allows attackers to bypass bruteforce protections by exploiting race conditions. The exploitation raises the complexity for potential attacks, highlighting the need for prompt mitigation measures to safeguard systems.

Affected Version(s)

FortiAnalyzer 7.6.0 <= 7.6.4

FortiAnalyzer 7.4.0 <= 7.4.10

FortiAnalyzer 7.2.0 <= 7.2.12

References

https://fortiguard.fortinet.com/psirt/FG-IR-26-079

CVSS V3.1

Score:

3.4

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 10, 2026
Vulnerability Reserved
Jan 8, 2026

CVE-2026-22629 Data

JSON