CVE-2026-22572: Improper access control in Fortinet FortiManager
An authentication bypass using an alternate path or channel vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.2 through 7.2.11, FortiManager 7.6.0 through 7.6.3, FortiManager 7.4.0 through 7.4.7, and FortiManager 7.2.2 through 7.2.11 may allow an attacker with knowledge of the admin's password to bypass multifactor authentication checks by submitting multiple crafted requests.
AI Analysis
Technical Summary
CVE-2026-22572 is a vulnerability in Fortinet's FortiManager and FortiAnalyzer products, specifically versions 7.2.2 through 7.2.11, 7.4.0 through 7.4.7, and 7.6.0 through 7.6.3. The flaw is an improper access control issue that allows an attacker who already possesses the administrator's password to bypass multifactor authentication (MFA) mechanisms. The bypass works through an alternate path or channel: by submitting multiple crafted requests, the attacker circumvents the intended MFA checks. The vulnerability affects both FortiManager and FortiAnalyzer, which are widely used for centralized network management and security event analysis respectively. The CVSS v3.1 score of 6.8 indicates medium severity, with the vector showing a network attack vector, low attack complexity, and a requirement for high privileges but no user interaction. The impact includes full compromise of confidentiality, integrity, and availability of the affected systems, as the attacker can gain administrative access without completing MFA. No public exploits have been reported yet, but the issue is significant for organizations relying on these products for security management. The vulnerability was published on March 10, 2026, and affects multiple recent versions, highlighting the need for timely patching and mitigation.
Potential Impact
The vulnerability allows attackers with knowledge of admin credentials to bypass MFA, significantly increasing the risk of unauthorized administrative access. This can lead to full compromise of network management infrastructure, allowing attackers to alter configurations, disable security controls, exfiltrate sensitive data, or disrupt network operations. The confidentiality, integrity, and availability of the affected systems are all at risk. Organizations relying on FortiManager and FortiAnalyzer for centralized security management could face severe operational impacts, including potential lateral movement within networks and disruption of security monitoring capabilities. The medium CVSS score reflects the requirement for credential knowledge, but bypassing MFA removes a critical security control, which raises the overall risk. The absence of known exploits in the wild currently limits immediate widespread impact, but the vulnerability remains a significant threat if exploited.
Mitigation Recommendations
Organizations should immediately verify whether they are running affected versions of FortiManager or FortiAnalyzer (7.2.2 through 7.2.11, 7.4.0 through 7.4.7, or 7.6.0 through 7.6.3) and apply any available patches or updates from Fortinet as soon as they are released. In the absence of patches, implement compensating controls such as restricting administrative access to trusted networks or VPNs, enforcing strict network segmentation, and monitoring for anomalous authentication attempts or multiple crafted requests indicative of exploitation attempts. Additionally, enforce strong password policies and consider rotating administrator credentials to reduce the risk posed by credential compromise. Enable detailed logging and alerting on authentication bypass attempts and review logs regularly. Employ additional layers of security such as endpoint detection and response (EDR) tools to detect lateral movement or unusual administrative activities. Finally, conduct security awareness training for administrators about the risks of credential compromise and the importance of MFA.
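The version check recommended above can be scripted against an asset inventory. The following is an added example, not code from Fortinet or from this page's source; the affected ranges are taken from the description above, while the hostnames, build suffixes and inventory layout are constructed for illustration. It treats each release branch separately, so a version such as 7.4.8 is not flagged merely because it lies between 7.2.2 and 7.6.3.

```python
import re

# Inclusive affected ranges per release branch, copied from the advisory text.
_BRANCHES = [((7, 2, 2), (7, 2, 11)), ((7, 4, 0), (7, 4, 7)), ((7, 6, 0), (7, 6, 3))]
AFFECTED = {"fortimanager": _BRANCHES, "fortianalyzer": _BRANCHES}

def parse_version(text):
    """Extract (major, minor, patch) from strings such as 'v7.4.3-build2573'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version in {text!r}")
    return tuple(int(part) for part in m.groups())

def is_affected(product, version_text):
    """True if product/version falls inside a range listed in the advisory."""
    ranges = AFFECTED.get(product.strip().lower())
    if ranges is None:
        return False  # product is not named in the advisory
    # Integer tuples, not strings: as text, "7.2.11" sorts before "7.2.2".
    version = parse_version(version_text)
    return any(low <= version <= high for low, high in ranges)

def triage(inventory):
    """Sort (host, product, version) rows into affected / not_listed / unknown."""
    result = {"affected": [], "not_listed": [], "unknown": []}
    for host, product, version_text in inventory:
        try:
            bucket = "affected" if is_affected(product, version_text) else "not_listed"
        except ValueError:
            bucket = "unknown"  # unparseable version: check the device by hand
        result[bucket].append(host)
    return result

# Constructed sample inventory; hostnames and build suffixes are made up.
SAMPLE = [
    ("fmg-dc1", "FortiManager", "v7.4.3-build2573"),
    ("fmg-lab", "FortiManager", "7.4.8"),
    ("faz-dc1", "FortiAnalyzer", "7.2.11"),
    ("faz-old", "FortiAnalyzer", "7.2.1"),
    ("faz-dr", "FortiAnalyzer", "unknown"),
]

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

A host in `not_listed` is only outside the ranges quoted on this page; confirm its status against Fortinet's own advisory before treating it as unaffected.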
Affected Countries
United States, Germany, United Kingdom, France, Japan, Australia, Canada, South Korea, Singapore, India
Technical Details
- Data Version: 5.2
- Assigner Short Name: fortinet
- Date Reserved: 2026-01-07T18:30:44.882Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69b05634ea502d3aa87d6bc4
Added to database: 3/10/2026, 5:34:44 PM
Last enriched: 3/17/2026, 6:44:10 PM
Last updated: 4/28/2026, 2:47:09 PM