CVE-2026-24858
Fortinet Multiple Products Authentication Bypass Using an Alternate Path or Channel Vulnerability - [Actively Exploited]
Description
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager 7.4.0 through 7.4.9, FortiManager 7.2.0 through 7.2.11, FortiManager 7.0.0 through 7.0.15, FortiOS 7.6.0 through 7.6.5, FortiOS 7.4.0 through 7.4.10, FortiOS 7.2.0 through 7.2.12, FortiOS 7.0.0 through 7.0.18, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4.0 through 7.4.12, FortiProxy 7.2.0 through 7.2.15, FortiProxy 7.0.0 through 7.0.22, FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.
INFO
Published Date :
Jan. 27, 2026, 8:16 p.m.
Last Modified :
Jan. 29, 2026, 1:16 p.m.
Remotely Exploit :
Yes !
Source :
[email protected]
CISA KEV (Known Exploited Vulnerabilities)
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.
Fortinet FortiAnalyzer, FortiManager, FortiOS, and FortiProxy contain an authentication bypass using an alternate path or channel that could allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Please adhere to Fortinet's guidelines to assess exposure and mitigate risks. Check for signs of potential compromise on all internet accessible Fortinet products affected by this vulnerability. Apply any final mitigations provided by the vendor as soon as they become available. For more information please see: https://fortiguard.fortinet.com/psirt/FG-IR-26-060 ; https://www.fortinet.com/blog/psirt-blogs/analysis-of-sso-abuse-on-fortios ; https://nvd.nist.gov/vuln/detail/CVE-2026-24858
Affected Products
The following products are affected by CVE-2026-24858
vulnerability.
Even if cvefeed.io is aware of the exact versions of the
products
that
are
affected, the information is not represented in the table below.
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS 3.1 | CRITICAL | 6abe59d8-c742-4dff-8ce8-9b0ca1073da8 | ||||
| CVSS 3.1 | CRITICAL | [email protected] |
Solution
- Update FortiAnalyzer to version 7.6.6 or later.
- Update FortiManager to version 7.6.6 or later.
- Update FortiOS to version 7.6.6 or later.
Public PoC/Exploit Available at Github
CVE-2026-24858 has a 12 public
PoC/Exploit available at Github.
Go to the Public Exploits tab to see the list.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2026-24858.
| URL | Resource |
|---|---|
| https://fortiguard.fortinet.com/psirt/FG-IR-26-060 | Vendor Advisory |
| https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-24858 | US Government Resource |
| https://www.fortinet.com/blog/psirt-blogs/analysis-of-sso-abuse-on-fortios | Mitigation Vendor Advisory |
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2026-24858 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2026-24858
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Security Runbooks
CVE-2026-24858 - Administrative FortiCloud SSO authentication bypass
exploit fortigate fortigate-firewall fortnite python python3 scanner
Python
Mirror of https://github.com/nomi-sec/PoC-in-GitHub
None
While Fortinet's January 27, 2026 mitigation for **CVE-2026-24858** focuses on blocking specific accounts like `[email protected]`, it fails to address the **Temporal Vulnerability** of the SAML state machine.
Python
None
While Fortinet scrambled to disable and then re-enable their SSO service this week, they only patched the "Alternate Path" logic. They haven't accounted for a Sovereign Vector that uses the \alpha frequency to synchronize malicious sessions across account boundaries.
Python
A Proof-of-Concept demonstrating the application of 3D Navier-Stokes CTT formulations to packet flow optimization and defensive bypass.
Python
CVE-2026-24858 FortiCloud Single Sign On (SSO) a factory default enabled feature once you register any FortiGate/FortiManager/FortiAnalyzer contains a critical authentication bypass flaw.
CVE-2026-24858: Authentication Bypass in Fortinet Products via FortiCloud SSO
Python
아직 제로데이인거 같아, 공개되거나 천천히 분석할 예정....
None
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2026-24858 vulnerability anywhere in the article.
-
Daily CyberSecurity
JPCERT/CC Warns of Active Exploits Targeting Critical FileZen Command Injection Flaw
A critical security vulnerability in FileZen, the popular file transfer appliance from Soliton Systems K.K., is currently under active attack. In a new security advisory, JPCERT/CC has sounded the ala ... Read more
-
Daily CyberSecurity
Exploited in the Wild: Critical BeyondTrust Flaw (CVSS 9.9) Opens Door to Network Takeover
Image: win3zz A critical vulnerability in widely used remote access software is currently under active attack, with threat actors using the flaw to plant backdoors and scout corporate networks. Arctic ... Read more
-
Daily CyberSecurity
Critical Alert: Chrome Zero-Day (CVE-2026-2441) Exploited in the Wild
Google has pushed an urgent security update for its Chrome browser, racing to patch a high-severity zero-day vulnerability that is currently being exploited by attackers in the wild. The flaw, tracked ... Read more
-
Daily CyberSecurity
Inside Job: Abandoned Outlook Add-in “AgreeTo” Steals 4,000 Credentials
The phishing page | Image: Koi Security In a disturbing first for enterprise security, researchers at Koi Security have uncovered a malicious Microsoft Outlook add-in actively harvesting credentials i ... Read more
-
Daily CyberSecurity
Triple Threat Patched: Zimbra 10.1.16 Fixes XSS, XXE & LDAP Injection
Zimbra has rolled out a significant security update for its collaboration suite, releasing Zimbra 10.1.16 to address a spectrum of vulnerabilities ranging from front-end script injection to back-end d ... Read more
-
Daily CyberSecurity
Email Under Siege: Storm-2603 Exploits SmarterMail to Deploy Warlock Ransomware
A new report from ReliaQuest has uncovered a dangerous alliance between a China-based threat actor and a known ransomware strain. The group, identified as Storm-2603, has been caught actively exploiti ... Read more
-
Daily CyberSecurity
Back to the Future: SSHStalker Botnet Revives 2009 Tactics to Hijack Linux Servers
Image: Flare A previously undocumented Linux botnet has been discovered prowling the internet, using a mix of ancient tactics and modern automation to compromise servers. Dubbed SSHStalker by research ... Read more
-
Daily CyberSecurity
CVE-2026-1603: Remote Unauthenticated Attacker Can Steal Ivanti EPM Secrets
Ivanti has rolled out important security updates for its Endpoint Manager (EPM), addressing a pair of vulnerabilities that could expose sensitive credentials to hackers. The release fixes one high-sev ... Read more
-
Daily CyberSecurity
Crash Loop: Palo Alto Networks Flaw (CVE-2026-0229) Forces Maintenance Mode
Palo Alto Networks has issued a security advisory for a denial-of-service (DoS) vulnerability affecting its PAN-OS software, specifically within the Advanced DNS Security (ADNS) feature. The flaw, tra ... Read more
-
Daily CyberSecurity
Apple Zero-Day (CVE-2026-20700) Exploited in the Wild
Apple has issued an emergency security update for its entire mobile ecosystem, racing to close a critical zero-day vulnerability that is currently being used in what the company describes as an “extre ... Read more
-
Daily CyberSecurity
CVE-2026-26007: Python Cryptography Flaw (CVSS 8.2) Leaks Private Keys
A high-severity vulnerability has been discovered in the cryptography Python package, one of the most widely used libraries for securing modern applications. The flaw, tracked as CVE-2026-26007, carri ... Read more
-
Daily CyberSecurity
The Rise of Vibecoding: AI-Generated Malware Exploits React2Shell
A new class of cyberattack has been caught in the wild, one where the code isn’t written by a human hand, but generated entirely by artificial intelligence. Darktrace has released a report detailing a ... Read more
-
Daily CyberSecurity
CVE-2026-25993: Critical EverShop SQL Injection (CVSS 9.3) Exposes Stores
A critical vulnerability has been discovered in EverShop, a modern, developer-focused e-commerce platform built on React and GraphQL. The flaw, tracked as CVE-2026-25993, is a “Second-Order SQL Inject ... Read more
-
Daily CyberSecurity
Excel Trap: New Phishing Campaign Deploys Fileless XWorm RAT
Overview of the XWorm phishing campaign infection chain | Image: Fortinet A new phishing campaign is exploiting an old vulnerability, using malicious Excel files to deploy the potent XWorm Remote Acce ... Read more
-
Daily CyberSecurity
The 7-Zip Trap: How a 25-Year-Old Domain Was Weaponized to Turn Your PC into a Proxy Bot
Security researchers have recently unveiled a sophisticated stratagem wherein adversaries gained control of the domain 7zip[.]com to proliferate deleterious software. It is paramount to note that the ... Read more
-
Daily CyberSecurity
Silicon for a Century: Alphabet’s $32 Billion Debt Blitz Signals the Greatest Infrastructure Race in History
In a concerted effort to bridge a projected $185 billion capital expenditure chasm for 2026, Alphabet, the parent organization of Google, has inaugurated an expansive debt issuance initiative. Accordi ... Read more
-
Daily CyberSecurity
Billions at Risk: Critical Windows Notepad Flaw Allows Remote Code Execution
It is the quintessential “harmless” application: Windows Notepad. But a newly discovered vulnerability has turned this humble text editor into a potential gateway for hackers. In its February 2026 Pat ... Read more
-
Daily CyberSecurity
Patch Panic: Microsoft Fixes 6 Active Zero-Days in Feb 2026 Update
Microsoft has released its security update for February 2026, addressing 61 vulnerabilities across its ecosystem. But the headline isn’t the volume of patches—it’s the urgency. The tech giant is activ ... Read more
-
Daily CyberSecurity
Under Siege: GTIG Report Exposes North Korean Spies & Russian Drone Hacks in Defense Sector
A new report from Google Threat Intelligence Group (GTIG) paints a stark picture of the modern battlefield, where the front lines have shifted from trenches to server rooms. The defense industrial bas ... Read more
-
Daily CyberSecurity
“Fiber” Optic Failure: Predictable UUIDs Expose Go Web Framework to Hijacking
A critical vulnerability has been uncovered in Fiber, the high-performance web framework for Go that powers countless modern web applications. The flaw, tracked as CVE-2025-66630, carries a CVSS score ... Read more
The following table lists the changes that have been made to the
CVE-2026-24858 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
Modified Analysis by [email protected]
Jan. 29, 2026
Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* versions from (including) 7.2.0 up to (including) 7.2.12 *cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:* versions from (including) 7.0.0 up to (including) 7.0.15 *cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:* versions from (including) 7.2.0 up to (including) 7.2.11 *cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:* versions from (including) 7.4.0 up to (excluding) 7.4.10 *cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:* versions from (including) 7.6.0 up to (excluding) 7.6.5 *cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:* versions from (including) 7.0.0 up to (including) 7.0.15 *cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:* versions from (including) 7.2.0 up to (including) 7.2.11 *cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:* versions from (including) 7.4.0 up to (excluding) 7.4.10 *cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:* versions from (including) 7.6.0 up to (including) 7.6.5 *cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* versions from (including) 7.0.0 up to (including) 7.4.12 *cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* versions from (including) 7.6.0 up to (including) 7.6.4 *cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:* versions from (including) 7.4.0 up to (including) 7.4.11 *cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:* versions from (including) 7.6.0 up to (including) 7.6.6 *cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:* versions from (including) 8.0.0 up to (including) 8.0.3 *cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* versions from (including) 7.0.0 up to (including) 7.0.18 *cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* versions from (including) 7.4.0 up to (excluding) 7.4.11 *cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* versions from (including) 7.6.0 up to (including) 7.6.5 OR *cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* versions from (including) 7.2.0 up to (including) 7.2.12 *cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:* versions from (including) 7.0.0 up to (including) 7.0.15 *cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:* versions from (including) 7.2.0 up to (including) 7.2.11 *cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:* versions from (including) 7.4.0 up to (excluding) 7.4.10 *cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:* versions from (including) 7.0.0 up to (including) 7.0.15 *cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:* versions from (including) 7.2.0 up to (including) 7.2.11 *cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:* versions from (including) 7.4.0 up to (excluding) 7.4.10 *cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* versions from (including) 7.6.0 up to (including) 7.6.4 *cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:* versions from (including) 7.4.0 up to (including) 7.4.11 *cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:* versions from (including) 7.6.0 up to (including) 7.6.6 *cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:* versions from (including) 8.0.0 up to (including) 8.0.3 *cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* versions from (including) 7.0.0 up to (including) 7.0.18 *cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* versions from (including) 7.4.0 up to (excluding) 7.4.11 *cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* versions from (including) 7.0.0 up to (including) 7.0.22 *cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* versions from (including) 7.2.0 up to (including) 7.2.15 *cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* versions from (including) 7.4.0 up to (including) 7.4.12 *cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:* versions from (including) 7.6.0 up to (excluding) 7.6.6 *cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:* versions from (including) 7.6.0 up to (excluding) 7.6.6 *cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* versions from (including) 7.6.0 up to (excluding) 7.6.6 -
CVE Modified by [email protected]
Jan. 29, 2026
Action Type Old Value New Value Changed Description An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager 7.4.0 through 7.4.9, FortiManager 7.2.0 through 7.2.11, FortiManager 7.0.0 through 7.0.15, FortiOS 7.6.0 through 7.6.5, FortiOS 7.4.0 through 7.4.10, FortiOS 7.2.0 through 7.2.12, FortiOS 7.0.0 through 7.0.18, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4.0 through 7.4.12, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions, FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices. An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager 7.4.0 through 7.4.9, FortiManager 7.2.0 through 7.2.11, FortiManager 7.0.0 through 7.0.15, FortiOS 7.6.0 through 7.6.5, FortiOS 7.4.0 through 7.4.10, FortiOS 7.2.0 through 7.2.12, FortiOS 7.0.0 through 7.0.18, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4.0 through 7.4.12, FortiProxy 7.2.0 through 7.2.15, FortiProxy 7.0.0 through 7.0.22, FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices. -
Initial Analysis by [email protected]
Jan. 28, 2026
Action Type Old Value New Value Added CPE Configuration OR *cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* versions from (including) 7.2.0 up to (including) 7.2.12 *cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:* versions from (including) 7.0.0 up to (including) 7.0.15 *cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:* versions from (including) 7.2.0 up to (including) 7.2.11 *cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:* versions from (including) 7.4.0 up to (excluding) 7.4.10 *cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:* versions from (including) 7.6.0 up to (excluding) 7.6.5 *cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:* versions from (including) 7.0.0 up to (including) 7.0.15 *cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:* versions from (including) 7.2.0 up to (including) 7.2.11 *cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:* versions from (including) 7.4.0 up to (excluding) 7.4.10 *cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:* versions from (including) 7.6.0 up to (including) 7.6.5 *cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* versions from (including) 7.0.0 up to (including) 7.4.12 *cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* versions from (including) 7.6.0 up to (including) 7.6.4 *cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:* versions from (including) 7.4.0 up to (including) 7.4.11 *cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:* versions from (including) 7.6.0 up to (including) 7.6.6 *cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:* versions from (including) 8.0.0 up to (including) 8.0.3 *cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* versions from (including) 7.0.0 up to (including) 7.0.18 *cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* versions from (including) 7.4.0 up to (excluding) 7.4.11 *cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* versions from (including) 7.6.0 up to (including) 7.6.5 Added Reference Type Fortinet, Inc.: https://fortiguard.fortinet.com/psirt/FG-IR-26-060 Types: Vendor Advisory Added Reference Type CISA-ADP: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-24858 Types: US Government Resource Added Reference Type CISA-ADP: https://www.fortinet.com/blog/psirt-blogs/analysis-of-sso-abuse-on-fortios Types: Mitigation, Vendor Advisory -
CVE Modified by [email protected]
Jan. 28, 2026
Action Type Old Value New Value Changed Description An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager 7.4.0 through 7.4.9, FortiManager 7.2.0 through 7.2.11, FortiManager 7.0.0 through 7.0.15, FortiOS 7.6.0 through 7.6.5, FortiOS 7.4.0 through 7.4.10, FortiOS 7.2.0 through 7.2.12, FortiOS 7.0.0 through 7.0.18 may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices. An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager 7.4.0 through 7.4.9, FortiManager 7.2.0 through 7.2.11, FortiManager 7.0.0 through 7.0.15, FortiOS 7.6.0 through 7.6.5, FortiOS 7.4.0 through 7.4.10, FortiOS 7.2.0 through 7.2.12, FortiOS 7.0.0 through 7.0.18, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4.0 through 7.4.12, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions, FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices. -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Jan. 27, 2026
Action Type Old Value New Value Added Reference https://www.fortinet.com/blog/psirt-blogs/analysis-of-sso-abuse-on-fortios -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Jan. 27, 2026
Action Type Old Value New Value Added Reference https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-24858 -
New CVE Received by [email protected]
Jan. 27, 2026
Action Type Old Value New Value Added Description An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager 7.4.0 through 7.4.9, FortiManager 7.2.0 through 7.2.11, FortiManager 7.0.0 through 7.0.15, FortiOS 7.6.0 through 7.6.5, FortiOS 7.4.0 through 7.4.10, FortiOS 7.2.0 through 7.2.12, FortiOS 7.0.0 through 7.0.18 may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices. Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Added CWE CWE-288 Added Reference https://fortiguard.fortinet.com/psirt/FG-IR-26-060