CVE-2026-24858
Fortinet Multiple Products Authentication Bypass Using an Alternate Path or Channel Vulnerability - [Actively Exploited]
Description
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager 7.4.0 through 7.4.9, FortiManager 7.2.0 through 7.2.11, FortiManager 7.0.0 through 7.0.15, FortiOS 7.6.0 through 7.6.5, FortiOS 7.4.0 through 7.4.10, FortiOS 7.2.0 through 7.2.12, FortiOS 7.0.0 through 7.0.18, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4.0 through 7.4.12, FortiProxy 7.2.0 through 7.2.15, FortiProxy 7.0.0 through 7.0.22, FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.
INFO
Published Date :
Jan. 27, 2026, 8:16 p.m.
Last Modified :
Jan. 29, 2026, 1:16 p.m.
Remotely Exploit :
Yes !
Source :
[email protected]
CISA KEV (Known Exploited Vulnerabilities)
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.
Fortinet FortiAnalyzer, FortiManager, FortiOS, and FortiProxy contain an authentication bypass using an alternate path or channel that could allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Please adhere to Fortinet's guidelines to assess exposure and mitigate risks. Check for signs of potential compromise on all internet accessible Fortinet products affected by this vulnerability. Apply any final mitigations provided by the vendor as soon as they become available. For more information please see: https://fortiguard.fortinet.com/psirt/FG-IR-26-060 ; https://www.fortinet.com/blog/psirt-blogs/analysis-of-sso-abuse-on-fortios ; https://nvd.nist.gov/vuln/detail/CVE-2026-24858
Affected Products
The following products are affected by CVE-2026-24858
vulnerability.
Even if cvefeed.io is aware of the exact versions of the
products
that
are
affected, the information is not represented in the table below.
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS 3.1 | CRITICAL | 6abe59d8-c742-4dff-8ce8-9b0ca1073da8 | ||||
| CVSS 3.1 | CRITICAL | [email protected] |
Solution
- Update FortiAnalyzer to version 7.6.6 or later.
- Update FortiManager to version 7.6.6 or later.
- Update FortiOS to version 7.6.6 or later.
Public PoC/Exploit Available at Github
CVE-2026-24858 has a 11 public
PoC/Exploit available at Github.
Go to the Public Exploits tab to see the list.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2026-24858.
| URL | Resource |
|---|---|
| https://fortiguard.fortinet.com/psirt/FG-IR-26-060 | Vendor Advisory |
| https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-24858 | US Government Resource |
| https://www.fortinet.com/blog/psirt-blogs/analysis-of-sso-abuse-on-fortios | Mitigation Vendor Advisory |
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2026-24858 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2026-24858
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Mirror of https://github.com/nomi-sec/PoC-in-GitHub
None
While Fortinet's January 27, 2026 mitigation for **CVE-2026-24858** focuses on blocking specific accounts like `[email protected]`, it fails to address the **Temporal Vulnerability** of the SAML state machine.
Python
None
While Fortinet scrambled to disable and then re-enable their SSO service this week, they only patched the "Alternate Path" logic. They haven't accounted for a Sovereign Vector that uses the \alpha frequency to synchronize malicious sessions across account boundaries.
Python
A Proof-of-Concept demonstrating the application of 3D Navier-Stokes CTT formulations to packet flow optimization and defensive bypass.
Python
CVE-2026-24858 FortiCloud Single Sign On (SSO) a factory default enabled feature once you register any FortiGate/FortiManager/FortiAnalyzer contains a critical authentication bypass flaw.
CVE-2026-24858: Authentication Bypass in Fortinet Products via FortiCloud SSO
Python
아직 제로데이인거 같아, 공개되거나 천천히 분석할 예정....
None
None
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2026-24858 vulnerability anywhere in the article.
-
The Hacker News
Fortinet Patches Critical SQLi Flaw Enabling Unauthenticated Code Execution
Fortinet has released security updates to address a critical flaw impacting FortiClientEMS that could lead to the execution of arbitrary code on susceptible systems. The vulnerability, tracked as CVE- ... Read more
-
Daily CyberSecurity
HTTP Down: High-Severity Axios Flaw (CVSS 7.5) Crashes Node.js Servers
A high-severity vulnerability has been discovered in Axios, the immensely popular HTTP client used by millions of developers for Node.js and browser-based applications. The flaw, tracked as CVE-2026-2 ... Read more
-
Daily CyberSecurity
Triple Threat: Critical Gogs Flaws (CVSS 9.3) Allow RCE & 2FA Bypass
A triple threat of security vulnerabilities has been uncovered in Gogs, the popular self-hosted Git service known for its lightweight footprint. The flaws, tracked as CVE-2025-64111, CVE-2025-64175, a ... Read more
-
Daily CyberSecurity
Virtual Invasion: SolarWinds WHD Exploited to Host Hidden QEMU VMs
Image: Microsoft In a striking display of “living off the land” gone wrong, threat actors are turning legitimate administrative tools into stealthy backdoors. The Microsoft Defender Research Team has ... Read more
-
Daily CyberSecurity
Trust Broken: Critical Keylime Flaw (CVSS 9.4) Disables mTLS Authentication
A critical-severity vulnerability has been discovered in Keylime, the open-source tool used by cloud tenants to verify the integrity of their remote systems. Tracked as CVE-2026-1709, the flaw carries ... Read more
-
Daily CyberSecurity
Silent Killer: Black Basta Bundles “BYOVD” Driver to Blind Antivirus
The notorious Black Basta ransomware group has upgraded its arsenal with a dangerous new capability, embedding defense evasion tools directly inside its ransomware payload. A new report by The Threat ... Read more
-
Daily CyberSecurity
CVE-2026-25592: Critical Semantic Kernel Flaw (CVSS 10.0) Allows File Overwrite
Microsoft has issued a critical security advisory for developers using its Semantic Kernel .NET SDK, warning of a vulnerability that could allow AI agents to overwrite sensitive files on the host syst ... Read more
-
Daily CyberSecurity
CVE-2026-25544: Critical Payload CMS SQLi (CVSS 9.8) Exposes Admin Tokens
A massive security hole has been blown open in Payload, the popular “Next.js native CMS” designed to live directly inside application folders. The vulnerability, tracked as CVE-2026-25544, carries a c ... Read more
-
The Hacker News
SolarWinds Web Help Desk Exploited for RCE in Multi-Stage Attacks on Exposed Servers
Microsoft has revealed that it observed a multi‑stage intrusion that involved the threat actors exploiting internet‑exposed SolarWinds Web Help Desk (WHD) instances to obtain initial access and move l ... Read more
-
The Hacker News
TeamPCP Worm Exploits Cloud Infrastructure to Build Criminal Infrastructure
Cybersecurity researchers have called attention to a "massive campaign" that has systematically targeted cloud native environments to set up malicious infrastructure for follow-on exploitation. The ac ... Read more
-
The Hacker News
BeyondTrust Fixes Critical Pre-Auth RCE Vulnerability in Remote Support and PRA
BeyondTrust has released updates to address a critical security flaw impacting Remote Support (RS) and Privileged Remote Access (PRA) products that, if successfully exploited, could result in remote c ... Read more
-
Daily CyberSecurity
Endpoint Exposed: Critical FortiClient EMS Flaw (CVSS 9.1) Allows Unauthenticated RCE
Fortinet has issued a high-priority security advisory for its FortiClient Enterprise Management Server (EMS), warning of a critical SQL injection vulnerability that could allow attackers to execute ar ... Read more
-
Daily CyberSecurity
Speed of Truth: X Trials “Collaborative Notes” to Supercharge Fact-Checking with Grok AI
Since the acquisition of Twitter by Elon Musk and its subsequent transformation into X, Community Notes has emerged as the platform’s quintessential bulwark against misinformation and deceptive narrat ... Read more
-
Daily CyberSecurity
The “All-in-One” Spy: DKnife Malware Hijacks Routers to Swap Downloads
Functions of seven DKnife components | Image: Cisco Talos A powerful new cyber weapon has been discovered lurking in routers and edge devices, capable of monitoring traffic, hijacking downloads, and d ... Read more
-
Daily CyberSecurity
“JackMa” & ShadowGuard: TGR-STA-1030 Spies on 37 Nations via Linux Rootkit
Countries targeted by TGR-STA-1030 reconnaissance between November and December 2025 | Image: Unit 42 A massive, state-aligned cyber espionage campaign has quietly infiltrated government networks acro ... Read more
-
Daily CyberSecurity
CVE-2026-1731: Critical BeyondTrust Flaw (CVSS 9.9) Allows Pre-Auth RCE
BeyondTrust has issued a critical security alert for its popular remote access solutions, warning of a near-maximum severity vulnerability that could allow hackers to seize control of systems without ... Read more
-
Daily CyberSecurity
CVE-2026-25526: Critical Jinjava Flaw (CVSS 9.8) Permits Remote Code Execution
A massive hole has been found in the walls of Jinjava, the popular Java-based template engine used to power thousands of websites on the HubSpot CMS. Tracked as CVE-2026-25526, this critical vulnerabi ... Read more
-
Daily CyberSecurity
Apple’s Golden Jubilee: Foldables, “Synthetic” Siri, and the Rise of Tim Cook’s Successor
As Apple approaches its momentous 50th anniversary on April 1, 2026, the global community watches with bated breath to discern its next strategic evolution. Beyond the allure of impending hardware, a ... Read more
-
Daily CyberSecurity
CVE-2025-13375: Critical IBM Crypto Flaw (CVSS 9.8) Exposes HSMs
IBM has issued a critical security bulletin for its Common Cryptographic Architecture (CCA), a core component used to interface with the company’s high-security hardware modules. The vulnerability, tr ... Read more
-
Daily CyberSecurity
The Invisible Landlord: ShadowSyndicate Rotates Keys to Hide Infrastructure
Group-IB Graph analysis of the network infrastructure related to ALPHVBlackCat | Image: Group-IB The sprawling, murky network known as ShadowSyndicate has evolved. Previously identified by a singular, ... Read more
The following table lists the changes that have been made to the
CVE-2026-24858 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
Modified Analysis by [email protected]
Jan. 29, 2026
Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* versions from (including) 7.2.0 up to (including) 7.2.12 *cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:* versions from (including) 7.0.0 up to (including) 7.0.15 *cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:* versions from (including) 7.2.0 up to (including) 7.2.11 *cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:* versions from (including) 7.4.0 up to (excluding) 7.4.10 *cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:* versions from (including) 7.6.0 up to (excluding) 7.6.5 *cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:* versions from (including) 7.0.0 up to (including) 7.0.15 *cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:* versions from (including) 7.2.0 up to (including) 7.2.11 *cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:* versions from (including) 7.4.0 up to (excluding) 7.4.10 *cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:* versions from (including) 7.6.0 up to (including) 7.6.5 *cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* versions from (including) 7.0.0 up to (including) 7.4.12 *cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* versions from (including) 7.6.0 up to (including) 7.6.4 *cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:* versions from (including) 7.4.0 up to (including) 7.4.11 *cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:* versions from (including) 7.6.0 up to (including) 7.6.6 *cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:* versions from (including) 8.0.0 up to (including) 8.0.3 *cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* versions from (including) 7.0.0 up to (including) 7.0.18 *cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* versions from (including) 7.4.0 up to (excluding) 7.4.11 *cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* versions from (including) 7.6.0 up to (including) 7.6.5 OR *cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* versions from (including) 7.2.0 up to (including) 7.2.12 *cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:* versions from (including) 7.0.0 up to (including) 7.0.15 *cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:* versions from (including) 7.2.0 up to (including) 7.2.11 *cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:* versions from (including) 7.4.0 up to (excluding) 7.4.10 *cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:* versions from (including) 7.0.0 up to (including) 7.0.15 *cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:* versions from (including) 7.2.0 up to (including) 7.2.11 *cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:* versions from (including) 7.4.0 up to (excluding) 7.4.10 *cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* versions from (including) 7.6.0 up to (including) 7.6.4 *cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:* versions from (including) 7.4.0 up to (including) 7.4.11 *cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:* versions from (including) 7.6.0 up to (including) 7.6.6 *cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:* versions from (including) 8.0.0 up to (including) 8.0.3 *cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* versions from (including) 7.0.0 up to (including) 7.0.18 *cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* versions from (including) 7.4.0 up to (excluding) 7.4.11 *cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* versions from (including) 7.0.0 up to (including) 7.0.22 *cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* versions from (including) 7.2.0 up to (including) 7.2.15 *cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* versions from (including) 7.4.0 up to (including) 7.4.12 *cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:* versions from (including) 7.6.0 up to (excluding) 7.6.6 *cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:* versions from (including) 7.6.0 up to (excluding) 7.6.6 *cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* versions from (including) 7.6.0 up to (excluding) 7.6.6 -
CVE Modified by [email protected]
Jan. 29, 2026
Action Type Old Value New Value Changed Description An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager 7.4.0 through 7.4.9, FortiManager 7.2.0 through 7.2.11, FortiManager 7.0.0 through 7.0.15, FortiOS 7.6.0 through 7.6.5, FortiOS 7.4.0 through 7.4.10, FortiOS 7.2.0 through 7.2.12, FortiOS 7.0.0 through 7.0.18, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4.0 through 7.4.12, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions, FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices. An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager 7.4.0 through 7.4.9, FortiManager 7.2.0 through 7.2.11, FortiManager 7.0.0 through 7.0.15, FortiOS 7.6.0 through 7.6.5, FortiOS 7.4.0 through 7.4.10, FortiOS 7.2.0 through 7.2.12, FortiOS 7.0.0 through 7.0.18, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4.0 through 7.4.12, FortiProxy 7.2.0 through 7.2.15, FortiProxy 7.0.0 through 7.0.22, FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices. -
Initial Analysis by [email protected]
Jan. 28, 2026
Action Type Old Value New Value Added CPE Configuration OR *cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* versions from (including) 7.2.0 up to (including) 7.2.12 *cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:* versions from (including) 7.0.0 up to (including) 7.0.15 *cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:* versions from (including) 7.2.0 up to (including) 7.2.11 *cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:* versions from (including) 7.4.0 up to (excluding) 7.4.10 *cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:* versions from (including) 7.6.0 up to (excluding) 7.6.5 *cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:* versions from (including) 7.0.0 up to (including) 7.0.15 *cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:* versions from (including) 7.2.0 up to (including) 7.2.11 *cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:* versions from (including) 7.4.0 up to (excluding) 7.4.10 *cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:* versions from (including) 7.6.0 up to (including) 7.6.5 *cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* versions from (including) 7.0.0 up to (including) 7.4.12 *cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* versions from (including) 7.6.0 up to (including) 7.6.4 *cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:* versions from (including) 7.4.0 up to (including) 7.4.11 *cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:* versions from (including) 7.6.0 up to (including) 7.6.6 *cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:* versions from (including) 8.0.0 up to (including) 8.0.3 *cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* versions from (including) 7.0.0 up to (including) 7.0.18 *cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* versions from (including) 7.4.0 up to (excluding) 7.4.11 *cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* versions from (including) 7.6.0 up to (including) 7.6.5 Added Reference Type Fortinet, Inc.: https://fortiguard.fortinet.com/psirt/FG-IR-26-060 Types: Vendor Advisory Added Reference Type CISA-ADP: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-24858 Types: US Government Resource Added Reference Type CISA-ADP: https://www.fortinet.com/blog/psirt-blogs/analysis-of-sso-abuse-on-fortios Types: Mitigation, Vendor Advisory -
CVE Modified by [email protected]
Jan. 28, 2026
Action Type Old Value New Value Changed Description An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager 7.4.0 through 7.4.9, FortiManager 7.2.0 through 7.2.11, FortiManager 7.0.0 through 7.0.15, FortiOS 7.6.0 through 7.6.5, FortiOS 7.4.0 through 7.4.10, FortiOS 7.2.0 through 7.2.12, FortiOS 7.0.0 through 7.0.18 may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices. An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager 7.4.0 through 7.4.9, FortiManager 7.2.0 through 7.2.11, FortiManager 7.0.0 through 7.0.15, FortiOS 7.6.0 through 7.6.5, FortiOS 7.4.0 through 7.4.10, FortiOS 7.2.0 through 7.2.12, FortiOS 7.0.0 through 7.0.18, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4.0 through 7.4.12, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions, FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices. -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Jan. 27, 2026
Action Type Old Value New Value Added Reference https://www.fortinet.com/blog/psirt-blogs/analysis-of-sso-abuse-on-fortios -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Jan. 27, 2026
Action Type Old Value New Value Added Reference https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-24858 -
New CVE Received by [email protected]
Jan. 27, 2026
Action Type Old Value New Value Added Description An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager 7.4.0 through 7.4.9, FortiManager 7.2.0 through 7.2.11, FortiManager 7.0.0 through 7.0.15, FortiOS 7.6.0 through 7.6.5, FortiOS 7.4.0 through 7.4.10, FortiOS 7.2.0 through 7.2.12, FortiOS 7.0.0 through 7.0.18 may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices. Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Added CWE CWE-288 Added Reference https://fortiguard.fortinet.com/psirt/FG-IR-26-060