CVE-2026-24858 is a critical authentication bypass vulnerability (CWE-288) in Fortinet products.

It allows attackers to bypass FortiCloud Single Sign-On (SSO) authentication using an alternate authentication path, enabling unauthorized access to protected devices.

The vulnerability affects multiple Fortinet products and versions, including:

• FortiOS
• FortiManager
• FortiAnalyzer

• FortiOS 7.0.x – 7.6.x
• FortiManager 7.0.x – 7.6.x
• FortiAnalyzer 7.0.x – 7.6.x

Attackers can exploit this flaw by abusing FortiCloud SSO authentication to gain unauthorized access to devices belonging to other accounts.

Typical attack outcomes include:

• Logging into devices without valid credentials
• Gaining administrative privileges
• Creating rogue admin or VPN accounts
• Exfiltrating firewall configurations and sensitive data
• Modifying security policies or device configurations

CERTVU recommend:

Immediate Mitigation

• • Apply Fortinet security patches or firmware updates as soon as available.
• • Disable FortiCloud SSO if not required.
• • Restrict administrative access to trusted IP addresses.

Additional Hardening

• • Review logs for suspicious authentication activity.
• • Rotate credentials and API keys.
• • Treat potentially exposed devices as compromised if exploitation is suspected.

These actions are critical because the vulnerability has been reported as actively exploited in some environments.