CVE-2026-2624
Published: 25 February 2026
Description
Missing Authentication for Critical Function vulnerability in ePati Cyber Security Technologies Inc. Antikor Next Generation Firewall (NGFW) allows Authentication Bypass.This issue affects Antikor Next Generation Firewall (NGFW): from v.2.0.1298 before v.2.0.1301.
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates the authentication bypass vulnerability by requiring timely flaw remediation, such as upgrading Antikor NGFW to version 2.0.1301 or later.
Explicitly identifies, justifies, and safeguards any critical functions permitting actions without identification or authentication, preventing CWE-306 missing authentication issues.
Mandates identification and authentication of users before accessing system resources, blocking remote authentication bypass exploitation on the NGFW.
Security SummaryAI
CVE-2026-2624 is a Missing Authentication for Critical Function vulnerability (CWE-306) in ePati Cyber Security Technologies Inc.'s Antikor Next Generation Firewall (NGFW). Published on 2026-02-25, it enables authentication bypass and affects versions from 2.0.1298 up to but not including 2.0.1301. The issue carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical.
Remote attackers with network access can exploit this vulnerability without privileges, authentication, user interaction, or high complexity. Successful exploitation allows full compromise of the affected NGFW, resulting in high impacts to confidentiality, integrity, and availability.
The USOM advisory at https://www.usom.gov.tr/bildirim/tr-26-0082 provides further details, with mitigation achieved by upgrading to Antikor NGFW version 2.0.1301 or later.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Missing authentication on a critical function of a public-facing NGFW directly enables remote exploitation of the management interface without credentials, matching T1190 for initial access and full device compromise.