CVE-2026-24017 - Vulnerability Analysis
HighCVSS: 8.1Last Updated: March 11, 2026
Fortinet FortiWeb - Authentication Bypass
Published: March 10, 2026Updated: March 11, 2026Remote Exploitable
Overview
Fortinet FortiWeb 7.0.0 through 7.0.11, 7.2.0 through 7.2.11, 7.4.0 through 7.4.10, 7.6.0 through 7.6.5, and 8.0.0 through 8.0.2 contain an authentication rate-limit bypass caused by improper control of interaction frequency, letting remote unauthenticated attackers bypass rate limits via crafted requests, exploit requires attacker resources and target password complexity.
Severity & Score
Severity: High
CVSS Score: 8.1
Impact
Remote attackers can bypass authentication rate limits, increasing the risk of brute force attacks and unauthorized access.
Mitigation
Update to the latest FortiWeb version beyond 8.0.2 or respective fixed versions.
Related Resources
Details
- CVE ID
- CVE-2026-24017
- Severity
- High
- CVSS Score
- 8.1
- Type
- broken_authentication
- Status
- unconfirmed
CWE
- CWE-799
CVSS Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H