High7.5Fortinet Updated
LDAP authentication bypass in Agentless VPN and FSSO
FG-IR-25-1052 Published Feb 10, 2026Updated by vendor Jul 4, 2026
CVE-2026-22153
Affected products & platforms
FortinetFortiGateFirewallFortiOS
Summary
CVSSv3 Score: 7.5 An Authentication Bypass by Primary Weakness vulnerability [CWE-305] in FortiOS fnbamd may allow an unauthenticated attacker to bypass LDAP authentication of Agentless VPN or FSSO policy, under specific LDAP server configuration. Revised on 2026-07-04 00:00:00
Affected versions
- FortiOS 7.6: 7.6.0 through 7.6.4
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Fixed versions
- FortiOS 7.6: 7.6.5
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Mitigation checklist
Recommended fix / mitigation
- Upgrade per the Affected/Solution table: FortiOS 7.6: 7.6.5.
Temporary workarounds
- Disable unauthenticated bind on the LDAP server.
- For example, LDAP unauthenticated binds can be disabled in Windows Active Directory (starting from Windows Server 2019) via the following PowerShell code snippet:
- $configDN = (Get-ADRootDSE).configurationNamingContext$dirSvcDN = "CN=Directory Service,CN=Windows NT,CN=Services,$configDN"Set-ADObject -Identity $dirSvcDN -Add @{'msDS-Other-Settings'='DenyUnauthenticatedBind=1'}
- Virtual Patch named "FG-VD-10009566.0day." is available in FMWP db update 26.063
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.