Unrated severityNVD Advisory· Published Feb 10, 2026· Updated Feb 26, 2026

CVE-2026-22153

Description

An Authentication Bypass by Primary Weakness vulnerability [CWE-305] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4 may allow an unauthenticated attacker to bypass LDAP authentication of Agentless VPN or FSSO policy, when the remote LDAP server is configured in a specific way.

Affected products

Fortinet/Fortiosv52 versions
cpe:2.3:o:fortinet:fortios:7.6.4:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:fortinet:fortios:7.6.4:*:*:*:*:*:*:*range: 7.6.0
- (no CPE)range: >=7.6.0, <=7.6.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

fortiguard.fortinet.com/psirt/FG-IR-25-1052mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000