LDAP authentication bypass in Agentless VPN and FSSO
Plan Patch · 7.5 · FG-IR-25-1052 · Feb 10, 2026
Fortinet
IT in OT - Fortinet products are commonly deployed at IT/OT network boundaries
Attack path
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: None needed
Summary
A flaw in LDAP authentication validation exists in FortiOS agentless VPN and FSSO (Fortinet Single Sign-On) implementations. The vulnerability allows an attacker to bypass LDAP credential verification, potentially gaining unauthorized access to VPN resources or administrative functions. Affected versions: FortiOS 7.6.0 through 7.6.4. The issue is corrected in FortiOS 7.6.5 and later.
What this means
What could happen
An attacker could bypass LDAP authentication on Fortinet FortiOS devices configured with agentless VPN or FSSO (Fortinet Single Sign-On), potentially gaining unauthorized access to the VPN gateway or administrative functions without valid credentials.
Who's at risk
This vulnerability affects utility IT managers and network operators running Fortinet FortiOS devices (versions 7.6.0–7.6.4) with agentless VPN or FSSO authentication enabled. It is relevant to any organization using FortiGate appliances for remote access, particularly those in water, electric, or other critical infrastructure sectors where secure VPN access is essential.
How it could be exploited
An attacker on the network sends specially crafted authentication requests to the LDAP authentication interface on the FortiOS device. By exploiting the bypass in LDAP credential validation, the attacker can authenticate without providing valid credentials, gaining access to protected VPN or administrative resources.
Prerequisites
- Network access to the LDAP authentication endpoint on the FortiOS device (typically port 389 or 636)
- FortiOS version 7.6.0 through 7.6.4 with agentless VPN or FSSO enabled
- No valid user credentials required
Tags: remotely exploitable · no authentication required · affects VPN access control · actively exploited in the wild (KEV status indicates monitoring)
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (1)
Product   | Affected Versions | Fix Status
FortiOS   | 7.6.0 - 7.6.4     | 7.6.5+
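As an added example (not from the advisory or from Fortinet), a small Python triage helper that pulls the x.y.z version token out of FortiOS `get system status` output and checks it against the affected range above. The sample inventory lines, hostnames and build numbers are constructed, and versions are compared as integer tuples so that 7.6.10 is correctly treated as later than 7.6.5 rather than flagged by a string compare.

```python
import re

# Affected range stated in the advisory (FG-IR-25-1052).
AFFECTED_MIN = (7, 6, 0)
AFFECTED_MAX = (7, 6, 4)

# Matches the x.y.z token in `get system status` output, e.g.
# "Version: FortiGate-100F v7.6.3,build3510,250415 (GA.F)".
_VERSION_RE = re.compile(r"\bv?(\d+)\.(\d+)\.(\d+)\b")


def parse_fortios_version(status_line):
    """Return (major, minor, patch) parsed from a FortiOS version string."""
    m = _VERSION_RE.search(status_line)
    if not m:
        raise ValueError(f"no FortiOS version found in: {status_line!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(version):
    """True when version is within the advisory's affected range 7.6.0-7.6.4.

    Tuple comparison avoids the string-compare trap where "7.6.10"
    would sort before "7.6.5" and be wrongly flagged as affected.
    """
    if isinstance(version, str):
        version = parse_fortios_version(version)
    return AFFECTED_MIN <= tuple(version) <= AFFECTED_MAX


def triage(inventory):
    """Map device name -> 'affected' / 'not affected' for {name: status_line}."""
    return {name: ("affected" if is_affected(line) else "not affected")
            for name, line in inventory.items()}


# Constructed sample inventory (hypothetical hostnames and build numbers).
SAMPLE_INVENTORY = {
    "fw-plant-a": "Version: FortiGate-100F v7.6.3,build3510,250415 (GA.F)",
    "fw-plant-b": "Version: FortiGate-60F v7.6.5,build3560,250601 (GA.F)",
    "fw-dc-core": "Version: FortiGate-200F v7.4.8,build2795,250330 (GA.F)",
    "fw-branch": "Version: FortiGate-40F v7.6.10,build3700,260101 (GA.F)",
}

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{name}: {verdict}")
```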
Remediation & Mitigation
Do now
- WORKAROUND: Restrict network access to the LDAP authentication interface to trusted administrative networks only, using firewall rules
- HARDENING: Disable agentless VPN and FSSO features if not actively in use
Schedule — requires maintenance window
Note: Patching may require device reboot — plan for process interruption
- HOTFIX: Update FortiOS to version 7.6.5 or later
CVEs (1)