CVE-2026-2624 identifies a Missing Authentication for Critical Function vulnerability (CWE-306) in the Antikor Next Generation Firewall (NGFW) developed by ePati Cyber Security Technologies Inc. This vulnerability affects versions starting from 2.0.1298 up to but not including 2.0.1301. The core issue is that certain critical functions within the firewall's management interface do not enforce authentication checks, allowing an attacker to bypass authentication mechanisms entirely. This means an unauthenticated remote attacker can invoke sensitive firewall functions without credentials. The vulnerability has a CVSS v3.1 base score of 9.8, reflecting its critical severity. The vector metrics indicate network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), and high impact on confidentiality (C:H), integrity (I:H), and availability (A:H). This combination implies that exploitation is straightforward and can lead to complete compromise of the firewall device, including unauthorized configuration changes, disabling protections, or intercepting/redirecting network traffic. Although no public exploits or active exploitation in the wild have been reported yet, the vulnerability poses a significant risk due to the critical role of NGFWs in network defense. The lack of authentication on critical functions undermines the fundamental security model of the firewall, making it a prime target for attackers aiming to penetrate protected networks or establish persistent footholds. The vulnerability was published on February 25, 2026, and is assigned by TR-CERT. No patches were linked at the time of reporting, indicating that affected organizations must monitor vendor advisories closely for updates.

The impact of CVE-2026-2624 is severe for organizations globally that deploy the affected versions of Antikor NGFW. Successful exploitation allows unauthenticated attackers to bypass firewall authentication controls, potentially gaining full administrative access to the firewall. This can lead to unauthorized modification or disabling of firewall rules, enabling attackers to exfiltrate sensitive data, intercept or redirect network traffic, and launch further attacks within the internal network. The compromise of a NGFW undermines the entire network security posture, increasing the risk of data breaches, ransomware infections, and lateral movement by threat actors. Given the firewall's critical role in enforcing perimeter defenses, this vulnerability could facilitate large-scale network compromises, impacting confidentiality, integrity, and availability of enterprise systems. The absence of required authentication and the ease of exploitation amplify the threat, making it attractive for attackers seeking to bypass security controls without detection. The lack of known exploits in the wild currently provides a window for remediation, but the critical severity demands immediate action to prevent potential future attacks.

Organizations should immediately inventory their firewall deployments to identify any running affected versions (2.0.1298 up to but not including 2.0.1301) of Antikor NGFW. Since no patches were linked at the time of disclosure, organizations must monitor ePati Cyber Security Technologies Inc. for official security updates and apply them promptly once available. In the interim, restrict network access to the firewall management interfaces by implementing strict access control lists (ACLs) limiting connections to trusted administrative hosts and networks only. Employ network segmentation to isolate the firewall management plane from general user networks and the internet. Enable and review detailed logging and monitoring on the firewall to detect any unauthorized access attempts or anomalous activities. Consider deploying additional intrusion detection/prevention systems (IDS/IPS) to monitor for exploitation attempts targeting this vulnerability. Conduct regular security audits and penetration testing to verify that no unauthorized access is possible. Finally, educate security teams about this vulnerability to ensure rapid response capability in case exploitation attempts are detected.