Improper Control of Interaction Frequency Vulnerability in Fortinet FortiWeb Products
CVE-2026-24017
7.3 HIGH
What is CVE-2026-24017?
A remote, unauthenticated attacker can bypass the authentication rate-limiting mechanism in Fortinet's FortiWeb products through crafted requests. The cause is improper control of interaction frequency. With the rate limit bypassed, an attacker could potentially exploit password complexity and system resources to gain unauthorized access.
Affected Version(s)
FortiWeb 8.0.0 <= 8.0.2
FortiWeb 7.6.0 <= 7.6.5
FortiWeb 7.4.0 <= 7.4.10