External risk intelligence

Antikor NGFW Authentication Bypass Vulnerability.

CVE advisorySeverity: CRITICAL (CVSS 9.8)

CVE-2026-2624

A critical authentication bypass vulnerability exists in ePati Antikor Next Generation Firewall, potentially allowing unauthorized access to critical functions. This could lead to altered firewall behavior or system compromise if the vulnerability is reachable. It is important to identify affected instances and their e

5Halo Surface Signal

Missing Authentication

Epati Antikor Next Generation Firewall

2.0.1298 to before 2.0.1301

External exposure likelihood

Halo Surface Signal score for CVE-2026-2624

The product is a Next Generation Firewall (NGFW), which is an internet edge security appliance. By design, such devices are deployed at the network perimeter and are frequently exposed to the public internet to provide filtering, routing, and remote access services.

PCI scan relevance

PCI Relevance for CVE-2026-2624

Yes

CVE-2026-2624 — Halo PCI Relevance: Yes. Under typical PCI ASV external scan criteria, this issue may be flagged for scan prioritization.

This CVE is PCI scan-relevant due to an authentication bypass vulnerability in the Antikor Next Generation Firewall, which could lead to a scan failure.

Scan-prioritization guidance only—not a PCI DSS certification or ASV attestation.

Horizon Alert

Summary of the vulnerability and why it matters

A critical vulnerability has been identified in ePati Cyber Security Technologies Inc.'s Antikor Next Generation Firewall, specifically related to bypassing authentication. This could allow unauthorized access to the firewall's critical functions. The main concern is to confirm if this technology is in use and if it is exposed to potential threats.

Authentication bypass in firewall.
Critical security function at risk.
Confirm relevance and exposure.

Attack Path

How an attacker could exploit the issue

An attacker could bypass authentication on the firewall by exploiting a missing authentication check in a critical function. This could allow unauthorized access to the device, potentially leading to a complete compromise.

No authentication needed for attack.
Critical function is vulnerable.
Full system compromise is possible.

Live Threat

Current exploitation, exposure, and threat context

A critical function within the Antikor Next Generation Firewall could be accessed without authentication when supported by the advisory's version context. This could allow an unauthorized party to potentially alter the firewall's behavior or gain insights into its operations.

Firewall functions could be impacted.
Unauthorized access may occur remotely.
Service disruption or configuration changes.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

Infrastructure and network security teams are likely responsible for addressing this critical vulnerability in the Antikor Next Generation Firewall. The first practical move is to identify all instances of the affected firewall, determine their exposure to external networks, and confirm their business criticality. This information will enable the accountable teams to prioritize remediation efforts, coordinate with the vendor if necessary, and plan for potential service interruptions during the update process.

Infrastructure and network security teams own.
Verify firewall exposure and criticality.
Plan vendor-coordinated remediation.

Frequently asked questions

What is the Antikor Next Generation Firewall?

The Antikor Next Generation Firewall (NGFW) is a product from ePati Cyber Security Technologies Inc. It is used to manage and secure network traffic, acting as a security appliance at the network's edge.

What kind of weakness does CVE-2026-2624 describe?

CVE-2026-2624 describes a 'Missing Authentication for Critical Function' vulnerability. This means a crucial part of the firewall's operation can be accessed without proper login, potentially allowing unauthorized actions.

How could an attacker exploit this firewall vulnerability?

An attacker could exploit this by directly accessing a critical function of the firewall that lacks an authentication check. The vulnerability is present in versions 2.0.1298 up to, but not including, 2.0.1301. Simply accessing these functions does not trigger the bug; the specific function must be targeted.

Who should be concerned about this firewall flaw?

Organizations using the Antikor Next Generation Firewall should be concerned. This is because firewalls are typically internet-facing security devices, meaning they are frequently exposed to the public internet where threats can originate.

What is the first step to address this firewall vulnerability?

The first step is for infrastructure and network security teams to identify all instances of the affected Antikor NGFW. It's also crucial to determine if these firewalls are exposed to external networks and assess their importance to business operations.

References

Written by Nicholas Merritt

External-surface CVE analysis and Halo Surface Signal prioritization for Halo Threat Intelligence.