- 17/2026
- Critical
Fortinet has released a security update to fix a critical vulnerability across multiple Fortinet products.
addressed vulnerability could allow the attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.
Fortinet FortiOS, FortiManager, and FortiAnalyzer Security Bypass Vulnerability (CVE-2026-24858):
- CVSS: 9.4
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Bypass Security
Sample of the affected products:
- FortiAnalyzer version 7.6.0 through 7.6.5.
- FortiProxy version 7.6.0 through 7.6.4.
- FortiOS version 7.6.0 through 7.6.5.
- FortiManager version 7.6.0 through 7.6.5.
It should be highlighted that the vulnerability “CVE-2026-24858” is being exploited in the wild and has not yet been patched. Apply Forti’s official recommendatios for mitigation and risk reduction.
Vulnerabilities
CVE-2026-24858
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.