Fortinet Patches CVE-2026-24858 After Active FortiOS SSO Exploitation Detected

Staff Editor 2026-01-27
Fortinet Patches CVE-2026-24858 After Active FortiOS SSO Exploitation Detected

Fortinet Patches CVE-2026-24858 After Active FortiOS SSO Exploitation Detected

https://thehackernews.com/2026/01/fortinet-patches-cve-2026-24858-after.html

Publish Date: 2026-01-27 23:49:00

Source Domain: thehackernews.com

Ravie LakshmananJan 28, 2026Network Security / Zero-Day

Fortinet has begun releasing security updates to address a critical flaw impacting FortiOS that has come under active exploitation in the wild.

The vulnerability, assigned the CVE identifier CVE-2026-24858 (CVSS score: 9.4), has been described as an authentication bypass related to FortiOS single sign-on (SSO). The flaw also affects FortiManager and FortiAnalyzer. The company said it’s continuing to investigate if other products, including FortiWeb and FortiSwitch Manager, are impacted by the flaw.

“An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] in FortiOS, FortiManager, FortiAnalyzer may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices,” Fortinet said in an advisory released Tuesday.

It’s worth noting that the FortiCloud SSO login feature is not enabled in the default factory settings. It’s only turned on in scenarios where an administrator registers the device to FortiCare from the device’s GUI, unless they have taken steps to explicitly toggle the “Allow administrative login using FortiCloud SSO” switch.

The development comes days after Fortinet confirmed that unidentified threat actors were abusing a “new attack path” to achieve SSO logins without requiring any authentication. The access was abused to create local admin accounts for persistence, make configuration changes granting VPN access to those accounts, and exfiltrate those firewall configurations.

Cybersecurity

Over the past week, the network security vendor said it has taken the following steps –

  • Locked out two malicious FortiCloud accounts ([email protected] and [email protected]) on January 22, 2026
  • Disabled FortiCloud SSO on the FortiCloud side on January 26, 2026
  • Re-enabled FortiCloud SSO on January 27, 2026, while disabling the option to login from devices running…

Source

More Stories

Mountain Rides resolves cybersecurity threat | Transportation

Mountain Rides resolves cybersecurity threat | Transportation

Staff Editor 2026-06-05
NICC offers new computing and cybersecurity program for high school students | 97 Seven Country WGLR – The Tri-States Best Variety of Country

NICC offers new computing and cybersecurity program for high school students | 97 Seven Country WGLR – The Tri-States Best Variety of Country

Staff Editor 2026-06-05
Ashley Devoto Named Air Force CIO

Ashley Devoto Named Air Force CIO

Staff Editor 2026-06-05

Terms and Conditions - Privacy Policy