FortiOS Authentication Bypass Vulnerability

A high-severity authentication bypass vulnerability in FortiOS, identified by Fortinet as CVE-2026-22153 (FG-IR-25-1052), may enable unauthenticated attackers to bypass LDAP authentication for Agentless VPN or Fortinet Single Sign-On (FSSO) policies. The flaw, which falls under CWE-305 (Authentication Bypass by Primary Weakness), affects the fnbamd daemon and requires particular LDAP server configurations that allow unauthenticated binds.

The root cause is improper handling of LDAP authentication requests. Under some configurations, such as those that allow anonymous binds, an attacker could exploit this to gain unauthorized access without legitimate credentials. Fortinet assigns it a high severity rating under CVSS v3.1, emphasizing network accessibility but a moderate level of attack complexity. The impact is improper access control, which could allow unauthorized access to networks protected by SSL-VPN components.

Versions Affected and Solutions

Only FortiOS 7.6.0 through 7.6.4 are at risk. The other branches, including 8.0, 7.4, 7.2, 7.0, and 6.4, are unaffected. Administrators should upgrade to FortiOS 7.6.5 or later, following the official upgrade path tool.

| FortiOS Version | Affected Sub-versions | Solution |
|---|---|---|
| 8.0 | Not affected | N/A |
| 7.6 | 7.6.0 through 7.6.4 | Upgrade to 7.6.5 or above |
| 7.4 | Not affected | N/A |
| 7.2 | Not affected | N/A |
| 7.0 | Not affected | N/A |
| 6.4 | Not affected | N/A |

As a workaround, disable unauthenticated binds on the LDAP server.

Use this PowerShell snippet for Windows Active Directory (Server 2019+):

```powershell
# Locate the Directory Service object in the forest's Configuration partition
$configDN = (Get-ADRootDSE).configurationNamingContext
$dirSvcDN = "CN=Directory Service,CN=Windows NT,CN=Services,$configDN"
# Reject LDAP simple binds that supply a DN but no password
Set-ADObject -Identity $dirSvcDN -Add @{'msDS-Other-Settings'='DenyUnauthenticatedBind=1'}
```

The advisory was released today after the flaw was found and responsibly disclosed by Jort Geurts of the Actemium Cyber Security Team. Fortinet recommends patching vulnerable SSL-VPN deployments right away to reduce risk in business environments that depend on LDAP integration.
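An idempotent variant of the Active Directory workaround above, as an added example (not code from the Fortinet advisory or from this article): it removes any conflicting `DenyUnauthenticatedBind` value before adding the new one, then reads the attribute back to confirm. It assumes the RSAT ActiveDirectory module, rights to modify the Configuration partition, and that existing entries take the form `DenyUnauthenticatedBind=<n>`.

```powershell
#Requires -Modules ActiveDirectory
# Added example: enforce DenyUnauthenticatedBind=1 exactly once and verify it.
# Supports -WhatIf so the change can be previewed before it is written.
[CmdletBinding(SupportsShouldProcess)]
param()

$attr   = 'msDS-Other-Settings'
$wanted = 'DenyUnauthenticatedBind=1'

$configDN = (Get-ADRootDSE).configurationNamingContext
$dirSvcDN = "CN=Directory Service,CN=Windows NT,CN=Services,$configDN"

function Get-BindSetting {
    # Return every DenyUnauthenticatedBind=* value currently stored on the object.
    $obj = Get-ADObject -Identity $dirSvcDN -Properties $attr
    @($obj.$attr | Where-Object { $_ -like 'DenyUnauthenticatedBind=*' })
}

$current = Get-BindSetting
$stale   = @($current | Where-Object { $_ -ne $wanted })

# Build one Set-ADObject call. AD applies -Remove before -Add, so the attribute
# never holds two contradictory values for the same setting.
$params = @{ Identity = $dirSvcDN }
if ($stale.Count -gt 0)            { $params['Remove'] = @{ $attr = [string[]]$stale } }
if ($current -notcontains $wanted) { $params['Add']    = @{ $attr = $wanted } }

if ($params.Count -eq 1) {
    Write-Output "No change needed: $wanted is already the only value set."
}
elseif ($PSCmdlet.ShouldProcess($dirSvcDN, "Set $wanted")) {
    Set-ADObject @params
}

# Read the attribute back; anything other than the single wanted value is a failure.
$after = Get-BindSetting
if ($after.Count -eq 1 -and $after[0] -eq $wanted) {
    Write-Output "Verified: unauthenticated binds are denied ($($after -join ', '))."
}
else {
    Write-Warning "Not enforced. Current value(s): $($after -join ', ')"
}
```

Running it with `-WhatIf` reports the pending change and then the verification step shows the current, unmodified state.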
