
"On Tuesday, Fortinet rolled out fresh patches for FortiOS, FortiManager, and FortiAnalyzer, revealing that hackers had been exploiting a new but related FortiCloud SSO flaw, now tracked as CVE-2026-24858 (CVSS score of 9.4)."
"Described as an authentication bypass using an alternate path or channel issue, CVE-2026-24858 can be exploited against devices that have FortiCloud SSO enabled, just as the previous two security defects could. The feature is disabled by default, but it is enabled when registering a new device through the device's GUI, unless the administrator specifically disables it."
"CVE-2026-24858, Fortinet says, allows 'an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts'."
Fortinet deployed emergency patches after attackers exploited a FortiCloud SSO authentication bypass tracked as CVE-2026-24858 (CVSS score 9.4). Arctic Wolf observed automated attacks that created administrator accounts and exfiltrated configuration files from FortiGate firewalls. The new flaw is related to the December fixes for CVE-2025-59718 and CVE-2025-59719, and devices remained affected even after those earlier patches were applied. The vulnerability allows an attacker with a FortiCloud account and a registered device to access devices registered to other accounts when FortiCloud SSO is enabled; the feature is off by default but is turned on when a device is registered through the GUI unless the administrator explicitly disables it. Fortinet blocked the malicious accounts, briefly disabled FortiCloud SSO, and issued fixes in the FortiOS, FortiManager, and FortiAnalyzer versions listed in its advisory.
Read at SecurityWeek