What is CVE-2026-22572?

CVE-2026-22572 is a medium-severity vulnerability in Fortinet Fortianalyzer, classified under Authentication Bypass Using an Alternate Path or Channel. CVSS score: 6.8/10. Published 2026-03-10.

How severe is CVE-2026-22572?

Medium severity. CVSS v3 base score is 6.8 out of 10.

Vulnerability in Fortinet Fortianalyzer

CVE-2026-22572

An authentication bypass using an alternate path or channel vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.2 through 7.2.11, FortiManager 7.6.0 through 7.6.3, FortiManager…

EPSS: 0.001 (31.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.8 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C.

Affected products

Fortinet Fortianalyzer — versions 7.6.0, 7.4.0, 7.2.2
Fortinet Fortimanager — versions 7.6.0, 7.4.0, 7.2.2

Weakness classification (CWE)

CWE-288 — Authentication Bypass Using an Alternate Path or Channel

References

https://fortiguard.fortinet.com/psirt/FG-IR-26-090

Frequently asked questions

What is CVE-2026-22572?: CVE-2026-22572 is a medium-severity vulnerability in Fortinet Fortianalyzer, classified under Authentication Bypass Using an Alternate Path or Channel. CVSS score: 6.8/10. Published 2026-03-10.
How severe is CVE-2026-22572?: Medium severity. CVSS v3 base score is 6.8 out of 10.