Action not permitted
Modal body text goes here.
Modal Title
Modal Body
GHSA-QWCH-JRH6-94WH
Vulnerability from github – Published: 2026-03-10 18:31 – Updated: 2026-03-10 18:31
VLAI?
Details
An improper restriction of excessive authentication attempts vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4 all versions, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cloud 7.6.2, FortiAnalyzer Cloud 7.4.1 through 7.4.7, FortiAnalyzer Cloud 7.2.1 through 7.2.10, FortiAnalyzer Cloud 7.0.1 through 7.0.14, FortiAnalyzer Cloud 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4 all versions, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager 6.4 all versions, FortiManager Cloud 7.6.2 through 7.6.3, FortiManager Cloud 7.4.1 through 7.4.7, FortiManager Cloud 7.2.1 through 7.2.10, FortiManager Cloud 7.0.1 through 7.0.14, FortiManager Cloud 6.4 all versions may allow an attacker to bypass bruteforce protections via exploitation of race conditions. The latter raises the complexity of practical exploitation.
Severity ?
{
"affected": [],
"aliases": [
"CVE-2026-22629"
],
"database_specific": {
"cwe_ids": [
"CWE-307"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-10T18:18:12Z",
"severity": "LOW"
},
"details": "An improper restriction of excessive authentication attempts vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4 all versions, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cloud 7.6.2, FortiAnalyzer Cloud 7.4.1 through 7.4.7, FortiAnalyzer Cloud 7.2.1 through 7.2.10, FortiAnalyzer Cloud 7.0.1 through 7.0.14, FortiAnalyzer Cloud 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4 all versions, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager 6.4 all versions, FortiManager Cloud 7.6.2 through 7.6.3, FortiManager Cloud 7.4.1 through 7.4.7, FortiManager Cloud 7.2.1 through 7.2.10, FortiManager Cloud 7.0.1 through 7.0.14, FortiManager Cloud 6.4 all versions may allow an attacker to bypass bruteforce protections via exploitation of race conditions. The latter raises the complexity of practical exploitation.",
"id": "GHSA-qwch-jrh6-94wh",
"modified": "2026-03-10T18:31:19Z",
"published": "2026-03-10T18:31:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22629"
},
{
"type": "WEB",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-079"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
CVE-2026-22629 (GCVE-0-2026-22629)
Vulnerability from cvelistv5 – Published: 2026-03-10 16:44 – Updated: 2026-03-12 17:13
VLAI?
EPSS
Summary
An improper restriction of excessive authentication attempts vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4 all versions, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4 all versions, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiAnalyzer Cloud 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4 all versions, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager 6.4 all versions, FortiManager Cloud 7.6.0 through 7.6.4, FortiManager Cloud 7.4 all versions, FortiManager Cloud 7.2 all versions, FortiManager Cloud 7.0 all versions, FortiManager Cloud 6.4 all versions may allow an attacker to bypass bruteforce protections via exploitation of race conditions. The latter raises the complexity of practical exploitation.
Severity ?
CWE
- CWE-307 - Improper access control
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Fortinet | FortiAnalyzer |
Affected:
7.6.0 , ≤ 7.6.4
(semver)
Affected: 7.4.0 , ≤ 7.4.10 (semver) Affected: 7.2.0 , ≤ 7.2.12 (semver) Affected: 7.0.0 , ≤ 7.0.16 (semver) Affected: 6.4.0 , ≤ 6.4.15 (semver) cpe:2.3:o:fortinet:fortianalyzer:7.6.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.6.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.6.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.6.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.6.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.4.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.4.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.4.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.4.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.4.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.4.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.2.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.2.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.2.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.2.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.2.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.2.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.2.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.16:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:* |
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22629",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-10T17:31:08.552013Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T17:41:32.439Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:fortinet:fortianalyzer:7.6.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.4.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.4.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.4.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.4.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.4.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.2.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.2.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.2.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.2.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.2.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.2.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.16:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.15:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.14:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.13:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.15:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiAnalyzer",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.4",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.10",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.12",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.16",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.15",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortianalyzercloud:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.4.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.2.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.2.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.2.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.2.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.0.14:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.0.13:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.0.12:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.0.11:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.0.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.0.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:6.4.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:6.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:6.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:6.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:6.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:6.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:6.4.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiAnalyzer Cloud",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.6.2"
},
{
"lessThanOrEqual": "7.4.7",
"status": "affected",
"version": "7.4.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.10",
"status": "affected",
"version": "7.2.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.14",
"status": "affected",
"version": "7.0.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.7",
"status": "affected",
"version": "6.4.1",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:fortinet:fortimanager:7.6.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.4.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.4.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.4.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.4.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.4.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.16:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.15:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.14:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiManager",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.4",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.10",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.12",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.16",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.15",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortimanagercloud:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.4.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.2.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.2.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.2.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.2.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.0.14:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.0.13:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.0.12:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.0.11:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.0.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.0.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:6.4.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:6.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:6.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:6.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:6.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:6.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:6.4.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiManager Cloud",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.3",
"status": "affected",
"version": "7.6.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.7",
"status": "affected",
"version": "7.4.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.10",
"status": "affected",
"version": "7.2.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.14",
"status": "affected",
"version": "7.0.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.7",
"status": "affected",
"version": "6.4.1",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper restriction of excessive authentication attempts vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4 all versions, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4 all versions, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiAnalyzer Cloud 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4 all versions, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager 6.4 all versions, FortiManager Cloud 7.6.0 through 7.6.4, FortiManager Cloud 7.4 all versions, FortiManager Cloud 7.2 all versions, FortiManager Cloud 7.0 all versions, FortiManager Cloud 6.4 all versions may allow an attacker to bypass bruteforce protections via exploitation of race conditions. The latter raises the complexity of practical exploitation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-307",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-12T17:13:56.855Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-079",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-079"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to upcoming FortiAnalyzer version 8.0.0 or above\nUpgrade to FortiAnalyzer version 7.6.5 or above\nUpgrade to upcoming FortiAnalyzer Cloud version 8.0.0 or above\nUpgrade to FortiAnalyzer Cloud version 7.6.5 or above\nUpgrade to upcoming FortiManager version 8.0.0 or above\nUpgrade to FortiManager version 7.6.5 or above\nUpgrade to upcoming FortiManager Cloud version 8.0.0 or above\nUpgrade to FortiManager Cloud version 7.6.5 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2026-22629",
"datePublished": "2026-03-10T16:44:19.117Z",
"dateReserved": "2026-01-08T06:49:28.869Z",
"dateUpdated": "2026-03-12T17:13:56.855Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…