Severity: Critical
Summary
Fortinet and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have confirmed active exploitation of a critical authentication bypass vulnerability, CVE-2026-24858, affecting multiple Fortinet products when FortiCloud Single Sign-On (SSO) is enabled. This vulnerability allows attackers to bypass authentication and gain unauthorized administrative access to affected devices.
Affected Products
- FortiGate (FortiOS)
- FortiManager
- FortiAnalyzer
- FortiProxy
- FortiWeb
Vulnerability Overview
- CVE ID: CVE-2026-24858
- Type: Authentication bypass (CWE-288)
- CVSS Score: 9.4 (Critical)
- Condition: FortiCloud SSO enabled
Observed Activity
Reported exploitation activity includes unauthorized administrative access, creation of rogue admin accounts, and extraction of firewall and VPN configuration data.
Recommended Actions
- Apply Fortinet patches addressing CVE-2026-24858.
- Disable FortiCloud SSO if not required until systems are fully patched.
- Restrict administrative access to trusted networks only.
- Review logs and configurations for signs of unauthorized access.
Our Status
DataComm is actively monitoring this issue and validating patch levels in accordance with Fortinet and CISA guidance. Customers requiring assistance are encouraged to contact support.
Support
Email: support@www-prod.datacomm.com
Phone: (877) 544-3655
References
