CVE-2022-26121: Low-Severity Vulnerability in Fortinet FortiAnalyzer and FortiManager

CVE-2022-26121 is a low-severity vulnerability in the web GUI of Fortinet FortiAnalyzer and FortiManager. An unauthenticated remote attacker can retrieve report template images by referencing an image name in the URL path. Remediation should be scheduled in the normal patch cycle and brought forward where the GUI is reachable from untrusted networks.

Severity: Low · CVSS 3.7 · Published October 10, 2022

CVE-2022-26121 is classified as a low-severity vulnerability in the web GUI of Fortinet FortiAnalyzer and FortiManager, affecting releases from 5.6.0 up to 7.0.3 across the 5.6, 6.0, 6.2, 6.4 and 7.0 branches. It is an exposure of resource to wrong sphere weakness (CWE-668): the GUI serves report template images to requests that carry no authenticated session, so an unauthenticated remote attacker who knows or guesses an image name can retrieve it by referencing that name in the URL path. The CVSS score of 3.7 reflects a low, confidentiality-only impact; the concern is that the resource is reachable without credentials on an appliance that manages other security devices.

The affected releases, for both FortiAnalyzer and FortiManager, are 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11, and 5.6.0 through 5.6.11. The direct risk is disclosure of report template images (such as logos or other graphics uploaded for custom reports) to an unauthenticated party. That is a limited information leak rather than a path to code execution, but it is internal content that nobody outside the administrative network should be able to fetch.

No public exploit or proof of concept is known, and the issue has not been reported as exploited in the wild. Because exploitation needs nothing more than network access to the GUI and a valid image name, organizations running affected versions should still remediate rather than rely on that absence of evidence.

Remediation can be scheduled in the normal patch cycle. Treat it as more urgent where the FortiAnalyzer or FortiManager GUI is reachable from the internet or from untrusted internal networks, since network reach to the GUI is the only precondition for exploitation.

Vulnerability Details

The vulnerability described in CVE-2022-26121 is an access-control flaw in the product, not a misconfiguration: the GUI serves report template images without checking for an authenticated session. The official CVE description lists the affected ranges in the 5.6 through 7.0 branches and classifies the weakness as CWE-668 (Exposure of Resource to Wrong Sphere). The CVSS score of 3.7 indicates low severity; the impact is limited to confidentiality, but it should not be ignored on an appliance that holds logs and configuration for other security devices.

Technical Analysis

The root cause of CVE-2022-26121 is that the GUI serves report template images without checking for an authenticated session, so an unauthenticated request that names an image in the URL path is answered with the image. The CVSS components stated for this issue are a network attack vector, high attack complexity, no privileges required, no user interaction, low confidentiality impact and no integrity or availability impact; with unchanged scope this corresponds to the vector AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N, which yields the 3.7 score. High attack complexity here does not mean the attacker needs special skill: in CVSS it records a precondition outside the attacker's control, in this case that a valid image name must be known or guessed to reference it in the URL path.

Confidentiality impact is low: the attacker obtains report template images and nothing else. Integrity and availability are unaffected, and nothing in the advisory indicates that the flaw gives any foothold beyond reading those images.

Risk & Impact Analysis

The real-world deployment risk associated with CVE-2022-26121 is low, given its CVSS score and the absence of known exploitation. What is exposed is the content of report template images, which is internal information an unauthenticated party should not see; the issue is confidentiality only. Remediation should be scheduled, and brought forward where the GUI is exposed to untrusted networks.

Exploitation Status

Signal               Status
Known Exploit        No
Public PoC           No
Actively Exploited   No
Ransomware Use       No

Affected Versions

Both FortiAnalyzer and FortiManager are affected in releases 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11, and 5.6.0 through 5.6.11. Releases after the last affected version on each branch contain the fix; consult Fortinet's PSIRT advisory for the exact fixed release on the branch in use, and check the running version on every appliance rather than assuming a branch is current.
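A practical way to act on the version ranges above is to run an inventory through a range check rather than eyeballing branch numbers, because the fix versions sit inside the 5.6.0 to 7.0.3 span (a 6.4.9 is newer than an affected 6.4.8 but older than an affected 7.0.0). The following is an added example, not Fortinet tooling: the ranges are the ones listed on this page, and the host names, version strings and build number in the sample inventory are constructed for illustration.

```python
"""Flag FortiAnalyzer / FortiManager versions that fall inside the
CVE-2022-26121 affected ranges listed in this advisory.

Added example, not Fortinet code. The sample inventory below is constructed.
"""
from __future__ import annotations

# Inclusive affected ranges per branch, as stated in the advisory text.
AFFECTED_RANGES: list[tuple[str, str]] = [
    ("7.0.0", "7.0.3"),
    ("6.4.0", "6.4.8"),
    ("6.2.0", "6.2.9"),
    ("6.0.0", "6.0.11"),
    ("5.6.0", "5.6.11"),
]


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '7.0.2' or 'v7.0.2 build0268' into a comparable (7, 0, 2).

    A leading 'v' and any trailing build token are stripped first; anything
    that is not three dotted integers is rejected so that unknown strings
    never silently compare as 'not affected'.
    """
    tokens = text.strip().lstrip("vV").split()
    if not tokens:
        raise ValueError(f"empty version string: {text!r}")
    parts = tokens[0].split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)


def is_affected(version: str) -> bool:
    """True if the version lies inside any affected range (inclusive)."""
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi) for lo, hi in AFFECTED_RANGES)


def triage(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Split a {hostname: version} inventory into affected / not_affected / unknown.

    Unparseable versions go to 'unknown' so they get looked at by a human
    instead of disappearing into the clean bucket.
    """
    result: dict[str, list[str]] = {"affected": [], "not_affected": [], "unknown": []}
    for host, ver in sorted(inventory.items()):
        try:
            bucket = "affected" if is_affected(ver) else "not_affected"
        except ValueError:
            bucket = "unknown"
        result[bucket].append(host)
    return result


if __name__ == "__main__":
    # Constructed sample inventory; the build number is a placeholder.
    sample = {
        "faz-dc1": "v7.0.2 build0268",
        "fmg-dc1": "7.0.4",
        "faz-lab": "6.4.8",
        "fmg-old": "6.0.12",
        "faz-edge": "7.2.0",
        "unknown-box": "n/a",
    }
    for bucket, hosts in triage(sample).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

The check is per branch, so a 6.0.12 is reported clean even though it is numerically below 7.0.3, and a 7.2.x is reported clean because no 7.2 range is listed on this page; if Fortinet's advisory lists ranges this page omits, add them to AFFECTED_RANGES.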

Mitigation & Remediation

Fortinet has released fixed versions for each affected branch; upgrading to a fixed release is the remediation. Until that is done, reduce exposure by limiting who can reach the GUI: keep the management interface off the internet and restrict GUI access to administrative networks (for example, through the appliance's trusted-host settings for administrator accounts). These are standard hardening steps for any management appliance and do not fix the flaw itself, so they should not be treated as a substitute for the upgrade. After upgrading, confirm the running version on each appliance and, where practical, verify that an unauthenticated request for a template image is now refused.

Detection Guidance

Exploitation is an unauthenticated HTTP GET for a report template image, so the useful signal in GUI access logs is a request for such an image from a source that has not logged in, particularly from outside the administrative network. On an unpatched appliance the request succeeds, so it is distinguished only by the missing prior authentication; on a patched appliance the same probing shows up as denied responses (401, 403 or 404, depending on how the fixed build answers) across many different image names from one source, which is what guessing names looks like. Any external source address appearing in GUI logs at all is worth investigating, since the GUI should not be reachable from there in the first place.
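The two signals above (a template image served to a source that never logged in, and many distinct image names from one source that are mostly denied) can be checked mechanically over the GUI's access logs. The script below is an added example, not Fortinet code or an official detection rule. The log format (Apache/NGINX "combined"), the login endpoint "/login" and the path prefix "/report/template/images/" are assumptions chosen for illustration; the real FortiAnalyzer/FortiManager GUI paths and log format must be confirmed on the appliance before this logic is used. The sample log lines are constructed, not captured traffic.

```python
"""Detect CVE-2022-26121-style unauthenticated fetches of report template
images, run over constructed access-log lines.

Added example; not Fortinet code. Log format and URL paths are assumptions.
"""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass, field

# Assumed paths, not taken from the advisory; adjust to the real GUI.
TEMPLATE_IMAGE_PREFIX = "/report/template/images/"
LOGIN_PATH = "/login"

# Combined log format: ip - user [time] "METHOD path HTTP/x" status size "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Constructed sample: one admin who logs in first, one unauthenticated fetch
# that succeeds (unpatched box), one name-guessing run that is denied
# (patched box). Addresses are documentation ranges, not real hosts.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Oct/2022:09:00:01 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
10.0.0.5 - - [10/Oct/2022:09:00:04 +0000] "GET /report/template/images/logo.png HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2022:09:05:10 +0000] "GET /report/template/images/logo.png HTTP/1.1" 200 5120 "-" "curl/7.85.0"
198.51.100.9 - - [10/Oct/2022:09:10:00 +0000] "GET /report/template/images/a.png HTTP/1.1" 403 0 "-" "python-requests/2.28"
198.51.100.9 - - [10/Oct/2022:09:10:01 +0000] "GET /report/template/images/b.png HTTP/1.1" 403 0 "-" "python-requests/2.28"
198.51.100.9 - - [10/Oct/2022:09:10:02 +0000] "GET /report/template/images/c.png HTTP/1.1" 404 0 "-" "python-requests/2.28"
198.51.100.9 - - [10/Oct/2022:09:10:03 +0000] "GET /report/template/images/d.png HTTP/1.1" 404 0 "-" "python-requests/2.28"
"""


@dataclass
class SourceStats:
    logged_in: bool = False          # a login was seen before any template request
    template_hits: int = 0           # requests under the template image prefix
    served: int = 0                  # 2xx responses on those requests
    denied: int = 0                  # 401/403/404 responses on those requests
    names: set[str] = field(default_factory=set)


def parse_line(line: str) -> dict[str, str] | None:
    """Parse one combined-format line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def analyse(log_text: str, enum_threshold: int = 3) -> list[dict]:
    """Return one finding per (source IP, signal).

    unauthenticated_fetch: a template image was served (2xx) to a source that
        had not logged in first. On an unpatched appliance a successful
        exploit looks like this and nothing else.
    enumeration: at least enum_threshold distinct image names from one
        source, with denials outnumbering successes. On a patched appliance
        this is what guessing names looks like.
    """
    stats: dict[str, SourceStats] = defaultdict(SourceStats)
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        s = stats[rec["ip"]]
        if rec["method"] == "POST" and rec["path"].startswith(LOGIN_PATH):
            if s.template_hits == 0:      # only counts if it precedes the fetches
                s.logged_in = True
            continue
        if rec["path"].startswith(TEMPLATE_IMAGE_PREFIX):
            s.template_hits += 1
            s.names.add(rec["path"][len(TEMPLATE_IMAGE_PREFIX):])
            code = int(rec["status"])
            if 200 <= code < 300:
                s.served += 1
            elif code in (401, 403, 404):
                s.denied += 1

    findings: list[dict] = []
    for ip, s in stats.items():
        if s.template_hits == 0:
            continue
        if s.served and not s.logged_in:
            findings.append({"ip": ip, "signal": "unauthenticated_fetch", "served": s.served})
        if len(s.names) >= enum_threshold and s.denied >= s.served:
            findings.append({"ip": ip, "signal": "enumeration", "names": len(s.names), "denied": s.denied})
    return findings


if __name__ == "__main__":
    for finding in analyse(SAMPLE_LOG):
        print(finding)
```

The login check is order-sensitive on purpose: a source that fetches images first and logs in afterwards is still flagged, because the fetches happened without a session. The denial threshold should be tuned on real traffic, since a legitimate report author previewing several templates will also touch several image names, but will do so after logging in and will mostly get 200s.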

AppSecure Threat Intelligence Insight

CVE-2022-26121 fits a recurring pattern: a management appliance exposes a resource to unauthenticated users because one handler skips the session check that the rest of the GUI enforces. Individually these issues are low severity, but they are easy to miss in code review and easy to find with black-box testing, which is why regular security assessments and penetration tests of management interfaces are worthwhile, not just of the applications they protect.

Keeping management GUIs off untrusted networks is the control that limits the impact of the next such flaw before a patch is available, and it should be reviewed whenever the threat picture for exposed appliances changes.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
