#cve-2026-24858

[ follow ]
#forticloud-sso #fortinet #saml-authentication-bypass #authentication-bypass #zero-day #fortios #sso #forticloud
fromTheregister
1 day ago

Fortinet SSO patch bypass gets a separate critical CVE

Those hoping for a reprieve following last week's patch pantomime are out of luck. After users reported successful compromises of FortiCloud SSO accounts, despite being patched against an earlier flaw, the vendor confirmed there was an alternate attack path. According to a security advisory published Tuesday, that alternate path was assigned a separate vulnerability identifier (CVE-2026-24858, CVSS 9.4), and the company disabled FortiCloud SSO connections made from vulnerable versions.
Information security
Information security
fromSecurityWeek
1 day ago

Fortinet Patches Exploited FortiCloud SSO Authentication Bypass

A FortiCloud SSO authentication bypass (CVE-2026-24858) was exploited in the wild; Fortinet released emergency patches for FortiOS, FortiManager, and FortiAnalyzer.
fromThe Hacker News
1 day ago

Fortinet Patches CVE-2026-24858 After Active FortiOS SSO Exploitation Detected

Fortinet has begun releasing security updates to address a critical flaw impacting FortiOS that has come under active exploitation in the wild. The vulnerability, assigned the CVE identifier CVE-2026-24858 (CVSS score: 9.4), has been described as an authentication bypass related to FortiOS single sign-on (SSO). The flaw also affects FortiManager and FortiAnalyzer. The company said it's continuing to investigate if other products, including FortiWeb and FortiSwitch Manager, are impacted by the flaw.
Information security
[ Load more ]