A critical security vulnerability in FortiOS, identified as CVE-2026-22153, has been disclosed by Fortinet. This flaw potentially allows attackers to bypass LDAP authentication, affecting Agentless VPN and Fortinet Single Sign-On (FSSO) policies.
Understanding the Vulnerability
The vulnerability, classified as CWE-305 for authentication bypass, exists within the fnbamd daemon of FortiOS. It specifically requires certain configurations of LDAP servers that permit unauthenticated binds, which can be exploited by attackers to gain unauthorized access.
Improper processing of LDAP authentication requests is at the core of this issue. When certain server setups allow anonymous binds, attackers could leverage this weakness to access protected networks without valid authentication credentials.
Impact and Severity
This security flaw is rated as High severity by Fortinet, with a CVSS v3.1 score highlighting the ease of network access but noting a moderate level of attack complexity. The primary risk involves unauthorized access to networks via SSL-VPN components, posing a significant threat to network security.
The affected versions are FortiOS 7.6.0 through 7.6.4. Other versions such as 8.0, 7.4, 7.2, 7.0, and 6.4 are not impacted. Fortinet advises administrators to upgrade to FortiOS 7.6.5 or later to address this vulnerability.
Mitigation and Recommendations
To mitigate the risk, administrators should disable unauthenticated binds on LDAP servers. For Windows Active Directory environments (Server 2019 and newer), a PowerShell command can be used to enforce this setting:
$configDN = (Get-ADRootDSE).configurationNamingContext
$dirSvcDN = "CN=Directory Service,CN=Windows NT,CN=Services,$configDN"
Set-ADObject -Identity $dirSvcDN -Add @{'msDS-Other-Settings'='DenyUnauthenticatedBind=1'}This vulnerability was responsibly disclosed by Jort Geurts from the Actemium Cyber Security Team. Fortinet has published an advisory urging immediate patch application for SSL-VPN setups relying on LDAP integration to prevent potential security breaches.
Stay informed with the latest cybersecurity updates by following us on Google News, LinkedIn, and X. Contact us to share your cybersecurity stories.
