CVE-2026-24858

Published Jan 27, 2026

Last updated 3 months ago

Exploit known · CVSS critical 9.8
Fortinet · Network · API · Supply chain · VPN · Firmware

Overview

AI description

Automated description summarized from trusted sources.

CVE-2026-24858 is an authentication bypass vulnerability, categorized as CWE-288 (Authentication Bypass Using an Alternate Path or Channel), affecting several Fortinet products including FortiAnalyzer, FortiManager, FortiOS, FortiProxy, and FortiWeb across various versions. The flaw resides within the FortiCloud Single Sign-On (SSO) login mechanism. This vulnerability allows an attacker who possesses their own FortiCloud account and a registered device to gain unauthorized access to other devices registered to different accounts, provided that FortiCloud SSO authentication is enabled on those target devices. Although FortiCloud SSO is not enabled by default, it can be automatically activated when an administrator registers a device to FortiCare through the graphical user interface, unless explicitly disabled during the registration process. Once access is gained, threat actors have been observed creating local administrative accounts, altering configurations to enable VPN access, and exfiltrating sensitive firewall configuration data.

Description
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager 7.4.0 through 7.4.9, FortiManager 7.2.0 through 7.2.11, FortiManager 7.0.0 through 7.0.15, FortiOS 7.6.0 through 7.6.5, FortiOS 7.4.0 through 7.4.10, FortiOS 7.2.0 through 7.2.12, FortiOS 7.0.0 through 7.0.18, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4.0 through 7.4.12, FortiProxy 7.2.0 through 7.2.15, FortiProxy 7.0.0 through 7.0.22, FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.
Source
psirt@fortinet.com
NVD status
Analyzed
Products
fortianalyzer, fortimanager, fortiproxy, fortiweb, fortios
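As an added example (not part of this CVE record or any Fortinet tooling), a small Python checker that encodes the affected version ranges from the description above and triages a constructed inventory against them. It mirrors only the ranges the advisory text lists, not Fortinet's full fixed-version guidance, so a version outside the ranges is "not listed", not necessarily "patched".

```python
# Added example: check product/version pairs against the affected ranges
# stated in the CVE-2026-24858 description. Versions are compared as integer
# tuples so that 7.4.10 sorts after 7.4.9 (string comparison gets this wrong).
from typing import Dict, List, Tuple

Version = Tuple[int, ...]

# Inclusive "X through Y" ranges, transcribed from the advisory text above.
AFFECTED: Dict[str, List[Tuple[str, str]]] = {
    "fortianalyzer": [("7.6.0", "7.6.5"), ("7.4.0", "7.4.9"), ("7.2.0", "7.2.11"), ("7.0.0", "7.0.15")],
    "fortimanager":  [("7.6.0", "7.6.5"), ("7.4.0", "7.4.9"), ("7.2.0", "7.2.11"), ("7.0.0", "7.0.15")],
    "fortios":       [("7.6.0", "7.6.5"), ("7.4.0", "7.4.10"), ("7.2.0", "7.2.12"), ("7.0.0", "7.0.18")],
    "fortiproxy":    [("7.6.0", "7.6.4"), ("7.4.0", "7.4.12"), ("7.2.0", "7.2.15"), ("7.0.0", "7.0.22")],
    "fortiweb":      [("8.0.0", "8.0.3"), ("7.6.0", "7.6.6"), ("7.4.0", "7.4.11")],
}


def parse_version(text: str) -> Version:
    """Turn '7.4.10' or 'v7.4.10' into (7, 4, 10); reject anything non-numeric."""
    parts = text.strip().lstrip("vV").split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def is_affected(product: str, version: str) -> bool:
    """True if product/version falls inside any range listed for CVE-2026-24858."""
    ranges = AFFECTED.get(product.lower())
    if ranges is None:
        raise KeyError(f"product not covered by this advisory: {product!r}")
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi) for lo, hi in ranges)


def triage(inventory: List[Tuple[str, str, str]]) -> List[str]:
    """Return hostnames from a (host, product, version) inventory that are in an affected range."""
    return [host for host, product, version in inventory if is_affected(product, version)]


if __name__ == "__main__":
    # Constructed sample inventory (hostnames are made up for the example).
    sample = [
        ("fw-edge-01", "FortiOS", "7.4.10"),      # last affected 7.4.x build
        ("fw-edge-02", "FortiOS", "7.4.11"),      # outside the listed range
        ("fmg-01", "FortiManager", "7.4.9"),
        ("waf-01", "FortiWeb", "8.0.4"),
    ]
    for host in triage(sample):
        print(f"{host}: in an affected range for CVE-2026-24858")
```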

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Known exploits

Data from CISA

Vulnerability name
Fortinet Multiple Products Authentication Bypass Using an Alternate Path or Channel Vulnerability
Exploit added on
Jan 27, 2026
Exploit action due
Jan 30, 2026
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

psirt@fortinet.com
CWE-288

Social media

Hype score
Not currently trending
  1. Exploiting the FortiGate zero-day vulnerability CVE-2026-24858 and others: detecting network intrusion and credential theft https://t.co/IJuFDvl6Oz What this incident shows is a situation in which multiple serious vulnerabilities are the cause and the damage spreads

     @iototsecnews · 20 Mar 2026 · 131 Impressions · 0 Retweets · 2 Likes · 0 Bookmarks · 0 Replies · 0 Quotes

  2. Hackers Exploit FortiGate Firewalls in Widespread Attacks to Steal Network Credentials Threat actors are primarily abusing several FortiGate vulnerabilities, including CVE-2025-59718, CVE-2025-59719, and the recently patched CVE-2026-24858. These flaws allow unauthorized users h

     @johndjohnson · 17 Mar 2026 · 861 Impressions · 8 Retweets · 11 Likes · 5 Bookmarks · 0 Replies · 0 Quotes

  3. 📌 Exploitation of vulnerabilities in FortiGate firewalls to breach networks and steal credentials 🛡️ Category: cyber attack 📝 Summary: multiple intrusions were observed targeting firewalls

     @GMashari · 16 Mar 2026 · 173 Impressions · 1 Retweet · 2 Likes · 0 Bookmarks · 0 Replies · 0 Quotes

  4. 📌 Exploitation of vulnerabilities in FortiGate firewalls to breach networks and steal credentials. Multiple intrusions were observed targeting FortiGate (NGFW) firewalls in early 2026,

     @MisbarSec · 16 Mar 2026 · 159 Impressions · 0 Retweets · 4 Likes · 0 Bookmarks · 0 Replies · 0 Quotes

  5. FortiGate NGFWs exploited since Nov 2025 via #CVE-2025-59718, CVE-2025-59719, CVE-2026-24858 to steal LDAP credentials & exfiltrate NTDS.dit. Patch immediately. #threatintel #mssp #cybersecurity #mssp

     @bettermssp · 11 Mar 2026 · 144 Impressions · 0 Retweets · 0 Likes · 0 Bookmarks · 0 Replies · 0 Quotes

  6. FortiGate devices exploited via CVE-2025-59718/19 and CVE-2026-24858 to extract AD/LDAP credentials, enabling lateral movement, malware. Healthcare, government, and MSPs targeted, attackers creating admin accounts, exfiltrating NTDS.dit via AWS. https://t.co/eHC23nYfEP

     @LLMTalksTech · 11 Mar 2026 · 1 Impression · 0 Retweets · 0 Likes · 0 Bookmarks · 0 Replies · 0 Quotes

  7. TRC analysis shows attackers exploited FortiGate devices (CVE-2025-59718, CVE-2026-24858) to extract encrypted service account credentials from configuration files. After decrypting the credentials, they authenticated to Active Directory and enrolled rogue workstations for

     @aviatrixtrc · 10 Mar 2026 · 129 Impressions · 0 Retweets · 0 Likes · 0 Bookmarks · 0 Replies · 0 Quotes

  8. On network intrusions that used FortiGate devices as the entry point. Reported by SentinelOne. Exploitation of known vulnerabilities, exemplified by CVE-2025-59718, CVE-2025-59719 and CVE-2026-24858. https://t.co/YDeBMmdsL4

     @__kokumoto · 10 Mar 2026 · 1282 Impressions · 1 Retweet · 5 Likes · 1 Bookmark · 0 Replies · 0 Quotes

  9. FortiOS 7.4.11 is out, so I'm dealing with it. Incidentally, the scores for the previous release, 7.4.10, are as follows: FortiOS 7.4.10 CVE-2026-24858 Max CVSS 9.8 EPSS Score 3.71% CVE-2025-54821 Max CVSS 6.0 EPSS Score 0.02% CVE-2025-31514 Max CVSS 4.3 EPSS Score 0.04%

     @g_yotuya · 3 Feb 2026 · 316 Impressions · 0 Retweets · 2 Likes · 0 Bookmarks · 0 Replies · 0 Quotes

  10. Top 5 Trending CVEs: 1 - CVE-2025-43529 2 - CVE-2026-1281 3 - CVE-2026-24858 4 - CVE-2024-12084 5 - CVE-2026-24061 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

     @CVEShield · 1 Feb 2026 · 187 Impressions · 0 Retweets · 0 Likes · 0 Bookmarks · 0 Replies · 0 Quotes

  11. 🚨 FortiOS [—] Jan 30, 2026 Comprehensive security advisory on recent, actively exploited authentication bypass vulnerabilities (CVE-2026-24858, CVE-2025-59718) endangering FortiOS and related products despite recent patches. Checkout our Threat Intelligence Platform:... http

     @transilienceai · 30 Jan 2026 · 60 Impressions · 0 Retweets · 0 Likes · 0 Bookmarks · 0 Replies · 0 Quotes

  12. 🚨 CRITICAL THREAT ALERT CVE-2026-24858: Fortinet SSO bypass - PATCH NOW! CVE-2025-55182: React RCE - Active exploitation 100+ new malicious URLs Emotet/QakBot C2s active #ThreatIntel #CyberSecurity

     @404LABSx · 29 Jan 2026 · 65 Impressions · 0 Retweets · 0 Likes · 0 Bookmarks · 0 Replies · 0 Quotes

  13. Top 5 Trending CVEs: 1 - CVE-2025-43529 2 - CVE-2026-24858 3 - CVE-2025-8088 4 - CVE-2025-15467 5 - CVE-2025-23049 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

     @CVEShield · 29 Jan 2026 · 137 Impressions · 0 Retweets · 1 Like · 0 Bookmarks · 0 Replies · 0 Quotes

  14. Google warns of active exploitation of a critical WinRAR vulnerability (CVE-2026-24858) by state actors. Urgent patch required. #Cybersecurity #ZeroDay https://t.co/rES71xLzOy https://t.co/rES71xLzOy

     @cyberwatcher_ · 28 Jan 2026 · 43 Impressions · 0 Retweets · 0 Likes · 0 Bookmarks · 0 Replies · 0 Quotes

  15. [Exclusive] Fortinet has fixed CVE-2026-24858, a critical authentication bypass zero-day vulnerability in FortiOS and many other products. Damage had continued even after applying the patch for CVE-2025-59718, the authentication bypass vulnerability via FortiCloud SSO,

     @__kokumoto · 27 Jan 2026 · 3463 Impressions · 9 Retweets · 14 Likes · 11 Bookmarks · 2 Replies · 1 Quote

Configurations