{"id":207955,"date":"2026-01-28T11:05:00","date_gmt":"2026-01-28T16:05:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/01\/28\/fortinet-patches-actively-exploited-fortios-sso-auth-bypass-cve-2026-24858\/"},"modified":"2026-01-29T19:15:12","modified_gmt":"2026-01-30T00:15:12","slug":"fortinet-patches-actively-exploited-fortios-sso-auth-bypass-cve-2026-24858","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/01\/28\/fortinet-patches-actively-exploited-fortios-sso-auth-bypass-cve-2026-24858\/","title":{"rendered":"Fortinet patches actively exploited FortiOS SSO auth bypass (CVE-2026-24858)"},"content":{"rendered":"<p><a href=\"https:\/\/securityaffairs.com\/187426\/security\/fortinet-patches-actively-exploited-fortios-sso-auth-bypass-cve-2026-24858.html\">Fortinet patches actively exploited FortiOS SSO auth bypass (CVE-2026-24858)<\/a><\/p>\n<p><a href=\"https:\/\/securityaffairs.com\/187426\/security\/fortinet-patches-actively-exploited-fortios-sso-auth-bypass-cve-2026-24858.html\">https:\/\/securityaffairs.com\/187426\/security\/fortinet-patches-actively-exploited-fortios-sso-auth-bypass-cve-2026-24858.html<\/a><\/p>\n<p>Publish Date: 2026-01-28 11:05:00<\/p>\n<p>Source Domain: securityaffairs.com<\/p>\n<p><span>Pierluigi Paganini<\/span><br \/>\n<span>January 28, 2026<\/span><\/p>\n<h2 class=\"wp-block-heading\">Fortinet released fixes for a critical FortiOS SSO auth bypass (CVE-2026-24858) that is being actively exploited; the flaw impacts FortiOS, FortiManager, and FortiAnalyzer.<\/h2>\n<p>Fortinet has started rolling out patches for a critical FortiOS flaw that is under active attack. The bug, tracked as CVE-2026-24858 (CVSS score of 9.4), lets an attacker who holds a FortiCloud account and a registered device bypass administrative authentication through FortiCloud SSO and log into devices registered to other FortiCloud accounts. It affects FortiOS, FortiManager, and FortiAnalyzer, and Fortinet is still checking whether other products are impacted.<\/p>\n<p>\u201cAn Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] in FortiOS, FortiManager, FortiAnalyzer may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices,\u201d reads the advisory. \u201cPlease note that the FortiCloud SSO login feature is not enabled in default factory settings. However, when an administrator registers the device to FortiCare from the device\u2019s GUI, unless the administrator disables the toggle switch \u201cAllow administrative login using FortiCloud SSO\u201d in the registration page, FortiCloud SSO login is enabled upon registration.\u201d<\/p>\n<p>In other words, FortiCloud SSO login is off in the factory configuration, but it is turned on as a side effect of registering the device to FortiCare from the GUI unless the administrator clears the \u201cAllow administrative login using FortiCloud SSO\u201d toggle on the registration page, or when the administrator explicitly enables the FortiCloud SSO admin login option. An unpatched device registered that way is therefore exposed even though no one deliberately configured SSO login.<\/p>\n<p>Fortinet confirmed that the flaw was exploited from two malicious FortiCloud accounts, which it blocked on Jan 22, 2026. To stop further abuse it disabled FortiCloud SSO on Jan 26 and re-enabled it on Jan 27.<\/p>\n<p>
SSO now blocks vulnerable versions, forcing customers to upgrade to supported releases to continue using FortiCloud SSO authentication.<\/p>\n<p>The company is still investigating if other solutions, such as FortiWeb and FortiSwitch Manager are&#8230;<\/p>\n<p><a href=\"https:\/\/securityaffairs.com\/187426\/security\/fortinet-patches-actively-exploited-fortios-sso-auth-bypass-cve-2026-24858.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Fortinet patches actively exploited FortiOS SSO auth bypass (CVE-2026-24858) https:\/\/securityaffairs.com\/187426\/security\/fortinet-patches-actively-exploited-fortios-sso-auth-bypass-cve-2026-24858.html Publish Date: 2026-01-28 11:05:00 Source&#8230;<\/p>\n","protected":false},"author":1,"featured_media":207956,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/securityaffairs.com\/wp-content\/uploads\/2019\/11\/fortinet-logo.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,27],"class_list":["post-207955","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/207955"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=207955"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/207955\/revisions"}],"predecessor-version":[{"id":207957,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/207955\/revisions\/207957"}],"wp:fe
aturedmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/207956"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=207955"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=207955"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=207955"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
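Added example (not from the article and not Fortinet's code): a small Python audit that scans FortiOS configuration backups for the toggle the advisory describes and emits the CLI to turn it off until the device runs a fixed release. It assumes that the GUI toggle "Allow administrative login using FortiCloud SSO" corresponds to the FortiOS CLI setting `set admin-forticloud-sso-login {enable|disable}` under `config system global`; the three device configurations embedded in the script are constructed samples and the hostnames are hypothetical.

```python
"""Audit FortiOS configuration backups for the FortiCloud SSO admin-login toggle.

Added example, not Fortinet's code. Assumption: the GUI toggle
"Allow administrative login using FortiCloud SSO" maps to the CLI setting
`set admin-forticloud-sso-login {enable|disable}` inside `config system global`.
"""
import re
from typing import Dict, List

SSO_KEY = "admin-forticloud-sso-login"

# Constructed sample backups for three hypothetical devices (not real configs).
SAMPLE_BACKUPS: Dict[str, str] = {
    "fgt-branch-01": """\
config system global
    set admin-forticloud-sso-login enable
    set hostname "fgt-branch-01"
    set timezone "US/Eastern"
end
""",
    "fgt-dc-02": """\
config system global
    set hostname "fgt-dc-02"
    set admin-forticloud-sso-login disable
end
""",
    "fgt-lab-03": """\
config system global
    set hostname "fgt-lab-03"
end
config system admin
    edit "admin"
        set accprofile "super_admin"
    next
end
""",
}

# Match only the `config system global` block; `end` on its own line closes it.
BLOCK_RE = re.compile(r"^config system global\n(?P<body>.*?)^end$", re.S | re.M)


def sso_login_state(config_text: str) -> str:
    """Return 'enable', 'disable', or 'default' for the FortiCloud SSO toggle.

    'default' means the line is absent. Plain `show` output omits settings at
    their factory default, and the advisory says the factory default is
    disabled, but an absent line is reported separately so the reviewer
    confirms it (e.g. with `show full-configuration`) instead of assuming.
    """
    m = BLOCK_RE.search(config_text)
    if not m:
        return "default"
    for line in m.group("body").splitlines():
        parts = line.strip().split()
        if len(parts) == 3 and parts[0] == "set" and parts[1] == SSO_KEY:
            return parts[2]
    return "default"


def audit(backups: Dict[str, str]) -> List[str]:
    """Return the hostnames on which FortiCloud SSO admin login is enabled."""
    return sorted(h for h, cfg in backups.items() if sso_login_state(cfg) == "enable")


def remediation(hostname: str) -> str:
    """CLI snippet that turns the toggle off on a device until it is upgraded."""
    return (
        f"# {hostname}\n"
        "config system global\n"
        f"    set {SSO_KEY} disable\n"
        "end\n"
    )


if __name__ == "__main__":
    for host in audit(SAMPLE_BACKUPS):
        print(remediation(host))
```

Because plain `show` output omits settings at their factory default, an absent line is reported as `default` rather than as disabled; check any such device with `show full-configuration` before trusting it. Disabling the toggle is a stopgap for devices that cannot be upgraded immediately, not a substitute for moving to a fixed release.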