A shocking security alert about a nasty bug in its FortiOS firewall software was just released by Fortinet. This high-severity vulnerability, identified as CVE-2026-22153, allows attackers to completely circumvent LDAP authentication.

This means attackers could slip into your network covertly without a working username or password. At the core of the issue is the fnbamd daemon, a crucial FortiOS component that handles user logins for features like Fortinet Single Sign-On (FSSO) and Agentless VPNs. To enforce access rules, your firewall talks to an LDAP server (think Microsoft Active Directory) to verify credentials.

The problem: if the LDAP server permits "unauthenticated binds" (anonymous connections), the firewall is tricked. It approves the login anyway, bypassing all checks.

This is classified as an "Authentication Bypass by Primary Weakness," or CWE-305. Imagine your FortiGate device receives a cunning request from an attacker. The permissive LDAP server answers without demanding real credentials, and presto!

The firewall believes the login is genuine. No password? No problem for the attacker. They enter your network without authorization, possibly stealing confidential information or pivoting deeper.
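To make the CWE-305 pattern concrete, here is an added Python model (not Fortinet's code and not taken from the advisory) of the decision fnbamd has to make. It uses a constructed mock directory with made-up credentials, follows the LDAP simple-bind semantics of RFC 4513 (empty name and empty password is an anonymous bind; a name with an empty password is an "unauthenticated" bind), and contrasts the flawed "any successful bind is a login" logic with the hardened version, plus an audit check a defender can point at a test directory.

```python
# Added example: models the CWE-305 logic behind CVE-2026-22153 against a
# mock LDAP server. Names, DNs and passwords below are constructed.
from dataclasses import dataclass


@dataclass
class BindResult:
    code: int           # 0 = success, 49 = invalidCredentials, 53 = unwillingToPerform
    authenticated: bool  # True only when a real password was verified


class MockLdapServer:
    """Stand-in for a directory such as Active Directory (constructed data)."""

    def __init__(self, allow_unauthenticated_binds: bool):
        self.allow_unauthenticated_binds = allow_unauthenticated_binds
        self.users = {"cn=alice,dc=example,dc=com": "correct horse battery"}

    def simple_bind(self, name: str, password: str) -> BindResult:
        if name == "" and password == "":
            return BindResult(0, False)     # anonymous bind: always "succeeds"
        if password == "":                  # RFC 4513 "unauthenticated" bind
            if self.allow_unauthenticated_binds:
                return BindResult(0, False)  # success, yet nobody was verified
            return BindResult(53, False)    # what DenyUnauthenticatedBind=1 yields
        if self.users.get(name) == password:
            return BindResult(0, True)
        return BindResult(49, False)


def vulnerable_authenticate(server: MockLdapServer, name: str, password: str) -> bool:
    """Flawed logic: a successful bind result is taken as a valid login."""
    return server.simple_bind(name, password).code == 0


def hardened_authenticate(server: MockLdapServer, name: str, password: str) -> bool:
    """Never send an empty credential, so the server's bind policy can
    never turn an unauthenticated bind into an accepted login."""
    if not name or not password:
        return False
    return server.simple_bind(name, password).code == 0


def server_allows_unauthenticated_bind(server: MockLdapServer) -> bool:
    """Audit check: does the directory accept a name with no password?"""
    return server.simple_bind("cn=probe,dc=example,dc=com", "").code == 0
```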

On the CVSSv3 scale, Fortinet assigns it a 7.5, meaning low complexity and high risk. It is network-accessible and requires no privileges, so no sophisticated exploit is needed. Which versions are affected?

CVE ID: CVE-2026-22153
Severity: High
CVSSv3 Score: 7.5
CWE: CWE-305
Affected Versions: FortiOS 7.6.x (builds prior to 7.6.5.5)
Component: fnbamd daemon
Vector: Network (remote)
Conditions: LDAP unauthenticated binds enabled

For a detailed explanation, see Fortinet's advisory here.

Exploitation is not a theoretical concept. Security teams are concerned that this might be chained with other FortiOS vulnerabilities to achieve complete compromise. Fortinet advises upgrading to FortiOS 7.6.5 or later immediately.

Not able to patch immediately? A good workaround: turn off unauthenticated binds on your LDAP server. On Windows Server 2019 and later, launch PowerShell as administrator (the ActiveDirectory module must be available) and execute:

# Unauthenticated binds are governed by the DenyUnauthenticatedBind entry in the
# multi-valued msDS-Other-Settings attribute of the forest's Directory Service object.
$ds = "CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=yourdomain,DC=com"
# Keep the other msDS-Other-Settings values, drop any old DenyUnauthenticatedBind entry, then set it to 1.
Set-ADObject -Identity $ds -Replace @{ 'msDS-Other-Settings' = @((Get-ADObject $ds -Properties 'msDS-Other-Settings').'msDS-Other-Settings' | Where-Object { $_ -notlike 'DenyUnauthenticatedBind=*' }) + 'DenyUnauthenticatedBind=1' }

Next, restart the domain controller. This slams the door on anonymous LDAP connections, neutering the bypass.

Why does this matter? FortiGate firewalls guard millions of enterprise networks. A slip-up here exposes VPN tunnels and SSO policies to the wild. Fortinet patched it quietly; there are no public exploits yet, but threat actors like Lazarus Group love Fortinet holes.

Remain alert: use scanners like Nessus or OpenVAS to check your estate for susceptible FortiOS versions. Enable logging on fnbamd for anomaly hunting. And never expose LDAP directly to the internet.