HIGH Vulnerabilities Fortinet PSIRT

LDAP authentication bypass in Agentless VPN and FSSO


Summary

An Authentication Bypass by Primary Weakness vulnerability [CWE-305] in FortiOS fnbamd may allow an unauthenticated attacker to bypass LDAP authentication of Agentless VPN or FSSO policy, under specific LDAP server configuration.

| Version | Affected | Solution |
|---|---|---|
| FortiOS 8.0 | Not affected | Not Applicable |
| FortiOS 7.6 | 7.6.0 through 7.6.4 | Upgrade to 7.6.5 or above |
| FortiOS 7.4 | Not affected | Not Applicable |
| FortiOS 7.2 | Not affected | Not Applicable |
| FortiOS 7.0 | Not affected | Not Applicable |
| FortiOS 6.4 | Not affected | Not Applicable |

Follow the recommended upgrade path using our tool at: https://docs.fortinet.com/upgrade-tool

Workaround

Disable unauthenticated bind on the LDAP server.

For example, LDAP unauthenticated binds can be disabled in Windows Active Directory (starting from Windows Server 2019) via the following PowerShell code snippet:

```powershell
# Build the DN of the Directory Service object in the configuration partition.
$configDN = (Get-ADRootDSE).configurationNamingContext
$dirSvcDN = "CN=Directory Service,CN=Windows NT,CN=Services,$configDN"
# Add the DenyUnauthenticatedBind=1 value to msDS-Other-Settings.
Set-ADObject -Identity $dirSvcDN -Add @{'msDS-Other-Settings'='DenyUnauthenticatedBind=1'}
```

Acknowledgement

Fortinet is pleased to thank Jort Geurts from the Actemium Cyber Security Team for reporting this vulnerability under responsible disclosure.

Timeline

2026-02-10: Initial publication
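
A re-runnable variant of the workaround snippet in the advisory above, as an added example (not Fortinet's code): it reads `msDS-Other-Settings` first, writes only when `DenyUnauthenticatedBind=1` is missing, and reads the attribute back to confirm. The helper name `Get-DenyUnauthBindState` is hypothetical, and replacing an existing `DenyUnauthenticatedBind` entry that carries a different value is an assumption.

```powershell
# Added example (not Fortinet's code). Requires the ActiveDirectory module (RSAT)
# and rights to modify the forest configuration partition.
Import-Module ActiveDirectory

# Hypothetical helper: classify the values of msDS-Other-Settings.
function Get-DenyUnauthBindState {
    param([string[]]$OtherSettings)
    $entry = $OtherSettings |
        Where-Object { $_ -match '^DenyUnauthenticatedBind=' } |
        Select-Object -First 1
    if (-not $entry)                            { return 'NotSet' }
    if ($entry -eq 'DenyUnauthenticatedBind=1') { return 'Enabled' }
    return 'Other'
}

$attr     = 'msDS-Other-Settings'
$wanted   = 'DenyUnauthenticatedBind=1'
$configDN = (Get-ADRootDSE).configurationNamingContext
$dirSvcDN = "CN=Directory Service,CN=Windows NT,CN=Services,$configDN"

# Read the current values before changing anything.
$current = @((Get-ADObject -Identity $dirSvcDN -Properties $attr).$attr)
$state   = Get-DenyUnauthBindState -OtherSettings $current
Write-Output "Current state on ${dirSvcDN}: $state"

switch ($state) {
    'Enabled' { Write-Output 'Unauthenticated binds already denied; nothing to change.' }
    'NotSet'  { Set-ADObject -Identity $dirSvcDN -Add @{ $attr = $wanted } }
    'Other'   {
        # Assumption: an existing entry with another value should be replaced.
        $old = @($current | Where-Object { $_ -match '^DenyUnauthenticatedBind=' })
        Set-ADObject -Identity $dirSvcDN -Remove @{ $attr = $old } -Add @{ $attr = $wanted }
    }
}

# Read the attribute back so the change is confirmed rather than assumed.
$after = @((Get-ADObject -Identity $dirSvcDN -Properties $attr).$attr)
if ((Get-DenyUnauthBindState -OtherSettings $after) -ne 'Enabled') {
    throw "DenyUnauthenticatedBind=1 is not present on $dirSvcDN"
}
Write-Output 'Verified: DenyUnauthenticatedBind=1 is set.'
```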
