PT-2026-5008 · Fortinet · Fortimanager+2

Michele Damico · Published 2026-01-27 · Updated 2026-03-15 · CVE-2026-24858

CVSS v2.0: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

FortiAnalyzer versions 7.0.0 through 7.6.5
FortiManager versions 7.0.0 through 7.6.5
FortiOS versions 7.0.0 through 7.6.5
FortiProxy versions 7.0.0 through 7.6.4
FortiWeb versions 7.4.0 through 8.0.3
Description

A critical authentication bypass vulnerability, assigned CVE-2026-24858, exists in Fortinet products when FortiCloud Single Sign-On (SSO) is enabled. An attacker who holds a valid FortiCloud account and has a device registered to it can gain unauthorized access to other customers' devices that are registered to different FortiCloud accounts. Active exploitation has been observed in the wild: attackers create rogue admin accounts on the compromised devices and may exfiltrate sensitive configuration data. Because the bypass yields administrative access, a compromised device can serve as a foothold for lateral movement within the network. Fortinet has temporarily disabled FortiCloud SSO and is blocking FortiCloud logins from vulnerable firmware versions.
Recommendations

FortiAnalyzer versions 7.0.0 through 7.6.5: Upgrade to a fixed version.
FortiManager versions 7.0.0 through 7.6.5: Upgrade to a fixed version.
FortiOS versions 7.0.0 through 7.6.5: Upgrade to a fixed version.
FortiProxy versions 7.0.0 through 7.6.4: Upgrade to a fixed version.
FortiWeb versions 7.4.0 through 8.0.3: Upgrade to a fixed version.

If upgrading is not immediately possible, disable FortiCloud SSO.
Audit admin accounts for any newly created or suspicious accounts.
Monitor for anomalous login activity.
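An added triage script, not part of this advisory and not Fortinet code, that checks a device inventory against the affected ranges listed above and ranks each hit by whether FortiCloud SSO is still enabled. The inventory is constructed for the example, and its field names (including the forticloud_sso flag) are an assumption rather than any Fortinet export format.

```python
import re

# Affected ranges exactly as listed in this advisory (both ends inclusive).
AFFECTED_RANGES = {
    "FortiAnalyzer": ("7.0.0", "7.6.5"),
    "FortiManager": ("7.0.0", "7.6.5"),
    "FortiOS": ("7.0.0", "7.6.5"),
    "FortiProxy": ("7.0.0", "7.6.4"),
    "FortiWeb": ("7.4.0", "8.0.3"),
}

# Constructed sample inventory; the field names (including forticloud_sso)
# are an assumption for this example, not a Fortinet export format.
SAMPLE_INVENTORY = [
    {"host": "fgt-edge-01", "product": "FortiOS", "version": "v7.4.8", "forticloud_sso": True},
    {"host": "fmg-core-01", "product": "FortiManager", "version": "7.6.5 build2345", "forticloud_sso": False},
    {"host": "fgt-lab-02", "product": "FortiOS", "version": "7.6.6", "forticloud_sso": True},
    {"host": "fpx-dmz-01", "product": "FortiProxy", "version": "7.6.5", "forticloud_sso": True},
]


def parse_version(text: str) -> tuple[int, ...]:
    """Numeric tuple of the leading dotted version, so 7.10.0 sorts above 7.6.5
    and a leading 'v' or trailing build info is ignored."""
    match = re.match(r"\s*v?(\d+(?:\.\d+)*)", text)
    if not match:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def is_affected(product: str, version: str) -> bool:
    """True when the product/version falls inside an affected range from the advisory."""
    bounds = AFFECTED_RANGES.get(product)
    if bounds is None:
        return False
    low, high = (parse_version(b) for b in bounds)
    return low <= parse_version(version) <= high


def triage(inventory: list[dict]) -> list[tuple[str, str]]:
    """(host, action) for every device on an affected build. SSO state sets the urgency:
    the described exploit path needs FortiCloud SSO enabled, but the upgrade is due either way."""
    findings = []
    for dev in inventory:
        if not is_affected(dev["product"], dev["version"]):
            continue
        if dev["forticloud_sso"]:
            findings.append((dev["host"], "disable FortiCloud SSO now, then upgrade; audit admin accounts"))
        else:
            findings.append((dev["host"], "upgrade to a fixed version; keep SSO disabled until patched"))
    return findings
```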

Fix

LPE

RCE

Weakness Enumeration

Authentication Bypass Using an Alternate Path or Channel

Related Identifiers

BDU:2026-00882
CVE-2026-24858

Affected Products

FortiAnalyzer
FortiManager
FortiOS