Critical Flaw in Fortinet’s Products Enables Authentication Bypass
Organizations using Fortinet products must act urgently to address the critical authentication bypass vulnerability, CVE-2026-24858. This flaw, scored at 9.4 on the CVSS, is actively being exploited and identified by CISA in its Known Exploited Vulnerabilities catalog, necessitating prompt remediation by January 30, 2026, particularly for Federal Civilian Executive Branch agencies.
The vulnerability arises from an Authentication Bypass Using an Alternate Path or Channel tied to the FortiCloud Single Sign-On (SSO) mechanism. Attackers can exploit this flaw to gain unauthorized access to devices associated with different accounts, simply by using their own FortiCloud account along with a registered device. Once inside, they can automate local admin account creation and modify settings for persistent access. Malicious accounts observed in use include [email protected] and [email protected], facilitating tasks such as configuration changes and sensitive data exfiltration.
Affected products include various versions of FortiOS, FortiManager, FortiAnalyzer, FortiWeb, and FortiProxy. Fortinet has provided necessary patches and temporarily disabled FortiCloud SSO to mitigate risks while urging users to upgrade to the latest software versions. Specific affected versions range widely, including FortiOS versions 7.0.0 through 7.6.5 and others across its product line.
This situation is critical as it directly affects organizational security. The exploitation of such vulnerabilities can lead to unauthorized data access, configuration alterations, and unwanted network access, heightening the risk of broader attacks. Organizations are advised to implement immediate patching, restrict access to trusted IPs, and audit for unauthorized changes following the identification of any potential compromise.
To reduce risk, ongoing monitoring, and proper SIEM implementations are crucial for identifying unusual access patterns. Regular vulnerability scanning, alongside the adoption of robust patch management solutions like Saner, can streamline updates and fortify defenses against similar critical vulnerabilities.
Click here for the full article
