theinfosecnews

CVE-2026-24858

CISA KEV

Published January 27, 2026 · Updated April 3, 2026

high

What This Means

# CVE-2026-24858: Fortinet FortiCloud SSO Authentication Bypass

An authentication bypass in Fortinet FortiAnalyzer, FortiManager, FortiOS, and FortiProxy allows attackers with any valid FortiCloud account to authenticate as administrators on other organizations' devices if FortiCloud single sign-on (SSO) is enabled. An attacker registers a device to their own FortiCloud account, then exploits the SSO mechanism to gain unauthorized access to unrelated devices belonging to other FortiCloud accounts.

**Immediate actions:** Disable FortiCloud SSO authentication until Fortinet releases and deploys a patch, or restrict FortiCloud SSO access to trusted identity providers with additional MFA enforcement. Audit FortiCloud authentication logs for cross-account login attempts and review administrative access on all affected appliances for unauthorized sessions.
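A log-triage sketch for the audit step above, added here as an example and not taken from the advisory or from Fortinet. It parses key=value event lines (FortiOS event logs have this general shape, but the field names `method` and `account`, the device ids and every sample value are constructed assumptions) and flags SSO logins whose FortiCloud account is not the one your organization registered for that device.

```python
import shlex

# Constructed sample event lines. The key=value shape follows FortiOS-style event logs,
# but "method", "account", the device ids and every value are assumptions for illustration.
SAMPLE_LOGS = """\
date=2026-01-28 time=09:12:01 devid="DEV-PLACEHOLDER-1" type=event subtype=system action="login" method="forticloud-sso" user="ops@example.com" account="ACME-CLOUD" status="success" srcip=203.0.113.10
date=2026-01-28 time=09:14:33 devid="DEV-PLACEHOLDER-1" type=event subtype=system action="login" method="forticloud-sso" user="someone@other-org.example" account="TENANT-XYZ" status="success" srcip=198.51.100.7
date=2026-01-28 time=09:15:02 devid="DEV-PLACEHOLDER-1" type=event subtype=system action="login" method="local" user="admin" status="failed" srcip=198.51.100.7
date=2026-01-28 time=09:20:45 devid="DEV-PLACEHOLDER-2" type=event subtype=system action="login" method="forticloud-sso" user="ops@example.com" account="ACME-CLOUD" status="success" srcip=203.0.113.10
"""

# Which FortiCloud account each managed device was registered under (assumed inventory).
REGISTERED_ACCOUNT = {"DEV-PLACEHOLDER-1": "ACME-CLOUD", "DEV-PLACEHOLDER-2": "ACME-CLOUD"}


def parse_event(line):
    """Turn one key=value line into a dict; shlex handles the quoted values."""
    fields = {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields


def find_cross_account_sso_logins(log_text, registered=REGISTERED_ACCOUNT):
    """Return SSO login events whose FortiCloud account does not own the device.

    Successful and failed attempts are both reported: a failed one is still a
    signal that an account outside the tenant reached the SSO login path.
    Devices missing from the inventory are reported too, since their owner is unknown.
    """
    findings = []
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev.get("action") != "login" or ev.get("method") != "forticloud-sso":
            continue  # local/RADIUS/etc. logins are out of scope for this check
        expected = registered.get(ev.get("devid"))
        if expected is None or ev.get("account") != expected:
            findings.append({
                "devid": ev.get("devid"), "user": ev.get("user"),
                "account": ev.get("account"), "status": ev.get("status"),
                "srcip": ev.get("srcip"), "time": f'{ev.get("date")} {ev.get("time")}',
            })
    return findings


if __name__ == "__main__":
    for f in find_cross_account_sso_logins(SAMPLE_LOGS):
        print(f"cross-account SSO login ({f['status']}): {f}")
```

Map `method`, `account` and `devid` to the field names your appliances actually emit before running this against real exports; a device that shows a successful SSO login from an unexpected account should be treated as compromised pending review of its admin sessions.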

Official Description

Fortinet FortiAnalyzer, FortiManager, FortiOS, and FortiProxy contain an authentication bypass using an alternate path or channel that could allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.

Affected Products

| Vendor | Product |
| --- | --- |
| Fortinet | Multiple Products |

Patch Status

Patch by 2026-01-30

Recommended Actions

  1. Check if your systems use any of the affected products listed above.
  2. Apply vendor patches immediately if available.
  3. This vulnerability is in CISA's Known Exploited Vulnerabilities catalog — prioritize remediation.
  4. Monitor vendor advisories for updates and additional mitigations.
  5. Review logs for indicators of compromise related to CVE-2026-24858.

Related Coverage

Vulnerability

CVE-2026-24858: Fortinet FortiCloud SSO Authentication Bypass Exposes Cross-Account Device Access

CVE-2026-24858 is an authentication bypass flaw in Fortinet FortiAnalyzer, FortiManager, FortiOS, and FortiProxy that allows any valid FortiCloud account holder to authenticate against devices registered to other FortiCloud accounts when SSO is enabled. Exploitation requires no privileges on the target device and grants direct administrative access, posing severe risk in MSP and multi-tenant environments. CISA mandates federal agency remediation by January 30, 2026; organizations should immediately disable FortiCloud SSO and audit device access logs pending patch availability.
