Fortinet's Web Application Firewall (WAF) has been found to contain a critical security vulnerability classified as an authorized bypass (CVE). This means the WAF, which is intended to prevent unauthorized bypasses and protect web applications, can itself be bypassed by attackers who gain authorized access or utilize flaws allowing them to circumvent its protections. Essentially, the security product designed to block unauthorized access has its own bypass vulnerability. This is a significant concern because users of Fortinet's WAF may believe their applications are fully protected, but this issue demonstrates a failure in that assurance. The discovery emphasizes the need for continuous security evaluations of WAF solutions and highlights that no product is completely foolproof. Users should stay alert for patches and updates from Fortinet addressing this authorized bypass vulnerability and consider additional security layers while the issue is resolved.