Fortinet Patches High-Severity Authentication Bypass Flaw in FortiOS
Fortinet has disclosed a high-severity authentication bypass vulnerability in FortiOS, identified as CVE-2026-22153 (FG-IR-25-1052), which could allow unauthenticated attackers to bypass LDAP authentication for Agentless VPN or Fortinet Single Sign-On (FSSO) policies.
The flaw, classified under CWE-305 (Authentication Bypass by Primary Weakness), resides in the fnbamd daemon and stems from improper handling of LDAP authentication requests. Exploitation requires specific LDAP server configurations, such as those permitting anonymous binds, enabling attackers to gain unauthorized access without valid credentials.
Fortinet rates the vulnerability as High severity (CVSS v3.1), noting network accessibility but moderate attack complexity. Successful exploitation could lead to improper access control, potentially allowing unauthorized entry into protected networks via SSL-VPN components.
Affected Versions & Fixes
The vulnerability impacts FortiOS 7.6.0 through 7.6.4 exclusively. Other branches including 8.0, 7.4, 7.2, 7.0, and 6.4 remain unaffected. Administrators are advised to upgrade to FortiOS 7.6.5 or later using the official upgrade path tool.
As a temporary workaround, organizations can disable unauthenticated binds on their LDAP servers. For Windows Active Directory (Server 2019+), this can be done via the following PowerShell command:
$configDN = (Get-ADRootDSE).configurationNamingContext
$dirSvcDN = "CN=Directory Service,CN=Windows NT,CN=Services,$configDN"
Set-ADObject -Identity $dirSvcDN -Add @{'msDS-Other-Settings'='DenyUnauthenticatedBind=1'}
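The workaround above as an audit-then-apply script, added here as an example (it is not code from Fortinet, Microsoft, or the original article). The function names Get-DenyUnauthBindState and Set-DenyUnauthBind are hypothetical, and removing any other existing DenyUnauthenticatedBind value before adding the wanted one is this example's own assumption. It assumes the ActiveDirectory module and an account allowed to modify the configuration partition.

```powershell
# Added example. Get-DenyUnauthBindState and Set-DenyUnauthBind are
# hypothetical helper names, not part of any vendor tooling.
Import-Module ActiveDirectory -ErrorAction Stop

$Wanted = 'DenyUnauthenticatedBind=1'

function Get-DenyUnauthBindState {
    $configDN = (Get-ADRootDSE).configurationNamingContext
    $dirSvcDN = "CN=Directory Service,CN=Windows NT,CN=Services,$configDN"
    # msDS-Other-Settings is multi-valued; every value is a "Name=Value" string.
    $obj     = Get-ADObject -Identity $dirSvcDN -Properties 'msDS-Other-Settings'
    $entries = @($obj.'msDS-Other-Settings' |
                 Where-Object { $_ -like 'DenyUnauthenticatedBind=*' })
    $stale   = @($entries | Where-Object { $_ -ne $Wanted })
    [pscustomobject]@{
        DirectoryServiceDN = $dirSvcDN
        Entries            = $entries
        Stale              = $stale
        Compliant          = ($entries -contains $Wanted) -and ($stale.Count -eq 0)
    }
}

function Set-DenyUnauthBind {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    $state = Get-DenyUnauthBindState
    if ($state.Compliant) { return $state }          # nothing to change
    if ($PSCmdlet.ShouldProcess($state.DirectoryServiceDN, "Set $Wanted")) {
        if ($state.Stale.Count -gt 0) {
            # Assumption: drop entries such as DenyUnauthenticatedBind=0 so one value remains.
            Set-ADObject -Identity $state.DirectoryServiceDN `
                -Remove @{ 'msDS-Other-Settings' = [string[]]$state.Stale }
        }
        if ($state.Entries -notcontains $Wanted) {
            Set-ADObject -Identity $state.DirectoryServiceDN `
                -Add @{ 'msDS-Other-Settings' = $Wanted }
        }
    }
    Get-DenyUnauthBindState                          # re-read to confirm
}

Get-DenyUnauthBindState | Format-List                # audit only; changes nothing
# Set-DenyUnauthBind -WhatIf                         # preview the change
# Set-DenyUnauthBind                                 # apply and verify
```

Running the audit line first shows whether the setting is already present, which avoids adding a duplicate or conflicting value with a blind -Add.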
The vulnerability was responsibly disclosed by Jort Geurts of Actemium Cyber Security Team and addressed in Fortinet’s latest advisory. The company urges immediate patching for exposed SSL-VPN deployments to mitigate risks in enterprise environments relying on LDAP integration.
Source: https://cybersecuritynews.com/fortios-ldap-authentication-bypass-vulnerability/