
"Those hoping for a reprieve following last week's patch pantomime are out of luck. After users reported successful compromises of FortiCloud SSO accounts, despite being patched against an earlier flaw, the vendor confirmed there was an alternate attack path. According to a security advisory published Tuesday, that alternate path was assigned a separate vulnerability identifier (CVE-2026-24858, CVSS 9.4), and the company disabled FortiCloud SSO connections made from vulnerable versions."
"Fortinet confirmed that CVE-2026-24858, an authentication bypass bug, was exploited in the wild by two malicious FortiCloud accounts, but these were blocked as of January 22. Customers of FortiAnalyzer, FortiManager, FortiOS, and FortiProxy are all affected and should upgrade to the version recommended in the advisory to restore FortiCloud SSO services. Some versions have safe releases available already, although patches are still in the works for most."
Fortinet disclosed a new critical FortiCloud SSO vulnerability, CVE-2026-24858 (CVSS 9.4), an authentication bypass that was exploited in the wild. The company disabled FortiCloud SSO connections from vulnerable versions while patches remain unavailable. Two malicious FortiCloud accounts exploited the bug but were blocked on January 22. Customers running FortiAnalyzer, FortiManager, FortiOS, and FortiProxy are affected and should upgrade to the versions recommended in the advisory to restore FortiCloud SSO services; safe releases exist for some versions, while patches for most are still pending. Whether FortiWeb and FortiSwitch Manager are exposed remains under investigation. The earlier December patches were bypassed via an alternate attack path.
Read at Theregister