FortiOS Authentication Bypass Vulnerability Lets Attackers Bypass LDAP Authentication
Fortinet has disclosed a high-severity authentication bypass vulnerability in FortiOS, tracked as CVE-2026-22153 (FG-IR-25-1052), that could allow unauthenticated attackers to sidestep LDAP authentication for Agentless VPN or Fortinet Single Sign-On (FSSO) policies.
Classified under CWE-305 (Authentication Bypass by Primary Weakness), the flaw resides in the fnbamd daemon and is only reachable when the backing LDAP server is configured to accept unauthenticated binds.
The issue stems from improper handling of LDAP authentication requests. An attacker could exploit this under certain setups, such as those permitting anonymous binds, to gain unauthorized access without valid credentials.
Fortinet rates it High severity under CVSS v3.1; the vector reflects network reachability but moderate attack complexity. The impact is improper access control, potentially granting unauthorized entry into protected networks via the SSL-VPN components.
Affected Versions and Fixes
Only FortiOS 7.6.0 through 7.6.4 are vulnerable. The other branches (8.0, 7.4, 7.2, 7.0, and 6.4) are unaffected. Administrators should upgrade to FortiOS 7.6.5 or later, using Fortinet's official upgrade path tool to plan the route.
FortiOS Version    Affected Sub-versions      Solution
8.0                Not affected               N/A
7.6                7.6.0 through 7.6.4        Upgrade to 7.6.5 or above
7.4                Not affected               N/A
7.2                Not affected               N/A
7.0                Not affected               N/A
6.4                Not affected               N/A
As a workaround, disable unauthenticated binds on the LDAP server. On Windows Active Directory (Windows Server 2019 and later) this is done with the following PowerShell snippet:
# Locate the Directory Service object in the forest's Configuration partition
$configDN = (Get-ADRootDSE).configurationNamingContext
$dirSvcDN = "CN=Directory Service,CN=Windows NT,CN=Services,$configDN"
# Add the setting that rejects unauthenticated binds (a DN supplied with an empty password)
Set-ADObject -Identity $dirSvcDN -Add @{'msDS-Other-Settings'='DenyUnauthenticatedBind=1'}
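The snippet above writes the setting blindly. The following script is an added example, not part of the Fortinet advisory or this article, that first audits the current value of msDS-Other-Settings, reports whether unauthenticated binds are still permitted, and only changes the directory when run with an assumed -Enforce switch. It assumes the ActiveDirectory RSAT module is available and that the caller has rights to modify the Configuration naming context (Enterprise Admins by default); the -Enforce parameter name and the output wording are this example's own choices.

```powershell
# Added example: audit, and optionally enforce, DenyUnauthenticatedBind on a
# Windows Server 2019+ forest. Not from the Fortinet advisory or the article.
# Assumes: ActiveDirectory module installed, rights on the Configuration NC.
param(
    [switch]$Enforce   # without this switch the script only reports
)

Import-Module ActiveDirectory -ErrorAction Stop

$configDN = (Get-ADRootDSE).configurationNamingContext
$dirSvcDN = "CN=Directory Service,CN=Windows NT,CN=Services,$configDN"

# msDS-Other-Settings is multi-valued; each value is a 'Name=Value' string.
$dirSvc   = Get-ADObject -Identity $dirSvcDN -Properties 'msDS-Other-Settings'
$settings = @($dirSvc.'msDS-Other-Settings')
$current  = $settings | Where-Object { $_ -like 'DenyUnauthenticatedBind=*' }

if ($current -eq 'DenyUnauthenticatedBind=1') {
    Write-Output "OK: unauthenticated LDAP binds are already denied ($current)."
    return
}

if ($current) {
    Write-Output "FINDING: unauthenticated binds are permitted ($current)."
} else {
    Write-Output "FINDING: DenyUnauthenticatedBind is not set; the default (0) permits unauthenticated binds."
}

if (-not $Enforce) {
    Write-Output "Re-run with -Enforce to set DenyUnauthenticatedBind=1."
    return
}

# Remove a stale '=0' entry first so the attribute does not carry both values.
if ($current) {
    Set-ADObject -Identity $dirSvcDN -Remove @{ 'msDS-Other-Settings' = $current }
}
Set-ADObject -Identity $dirSvcDN -Add @{ 'msDS-Other-Settings' = 'DenyUnauthenticatedBind=1' }

# Read the value back from the directory rather than trusting the write.
$verify = (Get-ADObject -Identity $dirSvcDN -Properties 'msDS-Other-Settings').'msDS-Other-Settings' |
    Where-Object { $_ -like 'DenyUnauthenticatedBind=*' }
Write-Output "Now set to: $verify"
```

Because the Directory Service object lives in the Configuration partition, the setting applies to every domain controller in the forest once it replicates, so the audit is also a useful pre-patch check across all FortiOS LDAP integrations that point at that forest. Note that DenyUnauthenticatedBind governs binds that present a DN with an empty password; it is separate from anonymous LDAP operations, which Active Directory already restricts to the rootDSE unless dsHeuristics has been changed.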
Discovered by Jort Geurts of the Actemium Cyber Security Team via responsible disclosure, the advisory was published today. Fortinet urges immediate patching for exposed SSL-VPN deployments to mitigate risks in enterprise environments reliant on LDAP integration.