Fortinet’s latest zero-day vulnerability carries frustrating familiarities for customers


https://cyberscoop.com/ortinet-zero-day-cve-2026-24858-forticloud-sso-auth-bypass/

Publish Date: 2026-01-28 17:35:00

Source Domain: cyberscoop.com

Fortinet customers are confronting another actively exploited zero-day vulnerability that allows attackers to bypass authentication in the single sign-on flow for FortiCloud and gain privileged access to multiple Fortinet firewall products and related services.

The vendor issued a security advisory for the vulnerability — CVE-2026-24858 — warning that some instances of exploitation already occurred earlier this month. Fortinet has yet to release patches to address the critical vulnerability across multiple versions of its products, including FortiAnalyzer, FortiManager, FortiOS, FortiProxy and FortiWeb.

Defects in Fortinet products are a recurring problem for the vendor’s customers and defenders, making 24 appearances on the Cybersecurity and Infrastructure Security Agency’s known exploited vulnerabilities catalog since late 2021. One-third of those vulnerabilities made the list last year and 13 are known to be used in ransomware campaigns.

The agency added the latest Fortinet defect, which has a CVSS rating of 9.8, to its known exploited vulnerabilities catalog Tuesday and shared Fortinet’s guidance in a subsequent alert Wednesday.

The vulnerability, which allows attackers with a FortiCloud account and a registered device to log into devices registered to other accounts, was exploited by two malicious FortiCloud accounts that Fortinet said it blocked Jan. 22. Attackers have reconfigured firewall settings on FortiGate devices, created unauthorized accounts and changed virtual private network configurations to gain access to new accounts.

The vendor said it disabled FortiCloud SSO Monday and re-enabled the service Tuesday with controls in place to prevent logins to devices running vulnerable software versions.

Fortinet’s advisory brings some clarity and raises new questions for defenders and researchers who have encountered problems on Fortinet devices since December. The vendor disclosed a pair of similar critical…
