VDB
NCSC-2026-61
NCSC-2026-61
PUBLISHED
CVSS 8.100000381469727 HIGH
A vulnerability in Fortinet FortiOS versions 7.6.0 to 7.6.4 allows unauthenticated attackers to bypass LDAP authentication for Agentless VPN or FSSO policy under specific LDAP server configurations.
Risk Scores
CVSS 3.1
8.100000381469727
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | vers:unknown/* |
Timeline
- Feb 11, 2026 CVE Published
- Mar 20, 2026 Security Advisory
- Mar 20, 2026 Security Advisory
- Mar 20, 2026 Security Advisory
- Mar 20, 2026 Security Advisory
- Mar 20, 2026 Security Advisory
- Mar 20, 2026 Security Advisory
- Mar 20, 2026 Security Advisory
- Mar 20, 2026 Security Advisory
- Mar 20, 2026 Security Advisory
References
- https://advisories.ncsc.nl/csaf/v2/2026/ncsc-2026-0061.json advisory
- https://fortiguard.fortinet.com/psirt/FG-IR-25-1052 advisory
- https://fortiguard.fortinet.com/psirt/FG-IR-25-384 advisory
- https://fortiguard.fortinet.com/psirt/FG-IR-25-795 advisory
- https://fortiguard.fortinet.com/psirt/FG-IR-25-934 advisory
- https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-22153.json advisory
- https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-68686.json advisory
- https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-64157.json advisory
- https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-62439.json advisory