- Description
- An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager 7.4.0 through 7.4.9, FortiManager 7.2.0 through 7.2.11, FortiManager 7.0.0 through 7.0.15, FortiOS 7.6.0 through 7.6.5, FortiOS 7.4.0 through 7.4.10, FortiOS 7.2.0 through 7.2.12, FortiOS 7.0.0 through 7.0.18, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4.0 through 7.4.12, FortiProxy 7.2.0 through 7.2.15, FortiProxy 7.0.0 through 7.0.22, FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.
- Source
- psirt@fortinet.com
- NVD status
- Analyzed
- Products
- fortianalyzer, fortimanager, fortiproxy, fortiweb, fortios
CVSS 3.1
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- Fortinet Multiple Products Authentication Bypass Using an Alternate Path or Channel Vulnerability
- Exploit added on
- Jan 27, 2026
- Exploit action due
- Jan 30, 2026
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- psirt@fortinet.com
- CWE-288
- Hype score
- Not currently trending
FortiOS 7.4.11が来てるので対応 ちなみに、ひとつ前の7.4.10のスコアは以下の通り FortiOS 7.4.10 CVE-2026-24858 Max CVSS 9.8 EPSS Score 3.71% CVE-2025-54821 Max CVSS 6.0 EPSS Score 0.02% CVE-2025-31514 Max CVSS 4.3 EPSS Score 0.04%
@g_yotuya
3 Feb 2026
316 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2025-43529 2 - CVE-2026-1281 3 - CVE-2026-24858 4 - CVE-2024-12084 5 - CVE-2026-24061 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
1 Feb 2026
187 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 FortiOS [—] Jan 30, 2026 Comprehensive security advisory on recent, actively exploited authentication bypass vulnerabilities (CVE-2026-24858, CVE-2025-59718) endangering FortiOS and related products despite recent patches. Checkout our Threat Intelligence Platform:... http
@transilienceai
30 Jan 2026
60 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CRITICAL THREAT ALERT CVE-2026-24858: Fortinet SSO bypass - PATCH NOW! CVE-2025-55182: React RCE - Active exploitation 100+ new malicious URLs Emotet/QakBot C2s active #ThreatIntel #CyberSecurity
@404LABSx
29 Jan 2026
65 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2025-43529 2 - CVE-2026-24858 3 - CVE-2025-8088 4 - CVE-2025-15467 5 - CVE-2025-23049 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
29 Jan 2026
137 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Google alerte sur l'exploitation active d'une vulnérabilité critique WinRAR (CVE-2026-24858) par des acteurs étatiques. Patch urgent nécessaire. #Cybersecurity #ZeroDay https://t.co/rES71xLzOy https://t.co/rES71xLzOy
@cyberwatcher_
28 Jan 2026
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
【独自】フォーティネットがFortiOS等多数の製品における重大(Critical)な認証回避のゼロデイ脆弱性CVE-2026-24858を修正。FortiCloud SSO経由での認証回避の脆弱性CVE-2025-59718へのパッチを当てても被害が続いていた関
@__kokumoto
27 Jan 2026
3463 Impressions
9 Retweets
14 Likes
11 Bookmarks
2 Replies
1 Quote
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F2B61F1F-19A9-4BA6-B12A-ECA95C5634A3",
"versionEndIncluding": "7.0.15",
"versionStartIncluding": "7.0.0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D467D1D8-1BCF-4A88-8EEE-0D8092C3AE9C",
"versionEndIncluding": "7.2.11",
"versionStartIncluding": "7.2.0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BD96750D-104E-4DAE-A19E-8C92E85429F4",
"versionEndExcluding": "7.4.10",
"versionStartIncluding": "7.4.0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BDF7BF56-B998-4AAE-9B6D-C6F009F8B807",
"versionEndExcluding": "7.6.6",
"versionStartIncluding": "7.6.0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "651E452B-3C1D-4738-BDFF-7234B19C63F7",
"versionEndIncluding": "7.0.15",
"versionStartIncluding": "7.0.0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "36D9D75F-B292-4651-8BF0-20AFE2C016C4",
"versionEndIncluding": "7.2.11",
"versionStartIncluding": "7.2.0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3AF70FA9-34D3-4ADF-B87C-A9C31D4DC174",
"versionEndExcluding": "7.4.10",
"versionStartIncluding": "7.4.0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "357DA889-E7C0-42B6-96A5-83C0D9E6CC69",
"versionEndExcluding": "7.6.6",
"versionStartIncluding": "7.6.0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "63D22275-D430-4F99-9170-C8378FF80242",
"versionEndIncluding": "7.0.22",
"versionStartIncluding": "7.0.0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "33FE9C6F-F5A1-43E4-917E-32497D6CC5A6",
"versionEndIncluding": "7.2.15",
"versionStartIncluding": "7.2.0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DA34D10C-0B80-4A37-94D2-CD05E865E149",
"versionEndIncluding": "7.4.12",
"versionStartIncluding": "7.4.0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A26D8D81-00EE-4A11-B693-DE85B912F267",
"versionEndIncluding": "7.6.4",
"versionStartIncluding": "7.6.0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "64C16483-DF84-43AA-B5D4-FA8939E4F387",
"versionEndIncluding": "7.4.11",
"versionStartIncluding": "7.4.0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B40750AD-AE67-42C3-89A5-E64F3D7F0431",
"versionEndIncluding": "7.6.6",
"versionStartIncluding": "7.6.0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EDCDD451-D984-4EC9-AB30-42D553FF0BD7",
"versionEndIncluding": "8.0.3",
"versionStartIncluding": "8.0.0"
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6A0CDFB7-0B78-4B3E-9E19-34E5F2479271",
"versionEndIncluding": "7.0.18",
"versionStartIncluding": "7.0.0"
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "25DF0315-DF9C-4C51-9902-ED607B049152",
"versionEndIncluding": "7.2.12",
"versionStartIncluding": "7.2.0"
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2ADAF67E-132B-4810-8919-38AC80BF59F5",
"versionEndExcluding": "7.4.11",
"versionStartIncluding": "7.4.0"
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "96C45B06-625A-4EFE-A720-242E33611B50",
"versionEndExcluding": "7.6.6",
"versionStartIncluding": "7.6.0"
}
],
"operator": "OR"
}
]
}
]