Fortinet Patches CVE-2026-24858 After Active FortiOS SSO Exploitation Detected

Key Points:

• CVE-2026-24858 is a critical authentication bypass vulnerability in FortiOS, FortiManager, and FortiAnalyzer, currently under active exploitation.
• The flaw allows attackers with a FortiCloud account to log into devices registered to other accounts if FortiCloud SSO authentication is enabled, potentially leading to unauthorized access and configuration changes.
• Users are advised to upgrade their software immediately and treat any signs of compromise as a breach.

Technical Details: CVE-2026-24858 has a CVSS score of 9.4 and involves an authentication bypass via an alternate path or channel. The vulnerability can be exploited by attackers to create local admin accounts, modify configurations for VPN access, and exfiltrate firewall settings.

MITRE ATT&CK Techniques:

• T1078 - Valid Accounts (Defense Evasion, Initial Access)
• T1069 - Permission Groups Discovery (Discovery)
• T1071.001 - Application Layer Protocol: Web Protocols (Command and Control)

IOCs Mentioned: None mentioned