Software Authentication Bypass (CVE-2026-2624) - Patch Now

Patch now - CVE-2026-2624 is a critical authentication bypass in ePati Antikor NGFW versions v2.0.1298 to before v2.0.1301 that allows an unauthenticated attacker to send specially crafted requests to the management interface and gain full administrative control over the firewall.

Overview

A critical security flaw has been identified in ePati Cyber Security Technologies Inc.’s Antikor Next Generation Firewall (NGFW). This vulnerability allows an attacker to bypass the firewall’s authentication mechanisms entirely, potentially gaining unauthorized administrative access to the device.

Vulnerability Details

This is classified as a Missing Authentication for Critical Function vulnerability. In simple terms, a specific function or service within the firewall’s software does not properly verify the identity of a user before allowing access. An attacker can exploit this weakness by sending specially crafted network requests directly to the firewall’s management interface without needing a valid username or password.

Affected Versions:

• Antikor NGFW versions starting from v.2.0.1298 up to, but not including, v.2.0.1301.

Potential Impact

The impact of this vulnerability is severe. With a CVSS score of 9.8 (CRITICAL), successful exploitation could lead to:

• Full System Compromise: An attacker could gain complete administrative control of the firewall.
• Network Breach: The firewall is the primary security gateway; controlling it allows an attacker to disable security policies, intercept or redirect network traffic, and launch further attacks on the internal network.
• Data Theft and Sabotage: Sensitive data passing through the firewall could be monitored or stolen, and network services could be disrupted.

Remediation and Mitigation

Immediate action is required for all administrators using an affected Antikor NGFW.

Primary Remediation: The vendor, ePati Cyber Security Technologies Inc., has released a fixed version. You must upgrade your firewall software to version 2.0.1301 or later as soon as possible. Consult the official vendor documentation for upgrade procedures.

Immediate Mitigation Steps (If Patching is Delayed):

1. Restrict Management Access: Ensure the firewall’s management interface is not accessible from the public internet. Limit access to specific, trusted IP addresses on the internal network using Access Control Lists (ACLs).
2. Monitor Logs: Closely review firewall authentication and administrative logs for any suspicious activity, such as login attempts from unexpected sources or configuration changes made by unknown users.
3. Network Segmentation: Isolate the firewall’s management network segment from general user traffic to reduce the attack surface.

After applying the update, verify that the management interface requires proper credentials and consider changing all administrative passwords as a precautionary measure.