CVE Vulnerabilities

CVE-2026-24017

Improper Control of Interaction Frequency

Published: Mar 10, 2026 | Modified: Mar 12, 2026
CVSS 3.x: N/A (Source: NVD)

An Improper Control of Interaction Frequency vulnerability [CWE-799] in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, and FortiWeb 7.0.0 through 7.0.11 may allow a remote unauthenticated attacker to bypass the authentication rate limit via crafted requests. The success of the attack depends on the attacker's resources and the complexity of the target password.

Weakness

The product does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests.

Affected Software

Name      Vendor    Start Version      End Version
FortiWeb  Fortinet  7.0.0 (including)  7.0.12 (excluding)
FortiWeb  Fortinet  7.2.0 (including)  7.2.12 (excluding)
FortiWeb  Fortinet  7.4.0 (including)  7.4.11 (excluding)
FortiWeb  Fortinet  7.6.0 (including)  7.6.6 (excluding)
FortiWeb  Fortinet  8.0.0 (including)  8.0.3 (excluding)
