CVE-2026-24858
Published: January 27, 2026
Official Description
Fortinet FortiAnalyzer, FortiManager, FortiOS, and FortiProxy contain an authentication bypass using an alternate path or channel that could allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.
CISA KEV Advisory
Fortinet Multiple Products Authentication Bypass Using an Alternate Path or Channel Vulnerability
Fortinet FortiAnalyzer, FortiManager, FortiOS, and FortiProxy contain an authentication bypass using an alternate path or channel that could allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Risk Analysis
This critical vulnerability in Fortinet products allows an attacker with a FortiCloud account and a registered device to bypass authentication and log into other devices registered to different accounts, provided FortiCloud SSO is enabled. Its CVSS score of 9.8 and confirmed exploitation in the wild highlight the severe risk of unauthorized access.
This vulnerability is actively being exploited in the wild and is included in CISA's KEV catalog. It is remotely exploitable with low attack complexity.
Disable FortiCloud SSO authentication if not strictly necessary, and apply all vendor-provided patches for Fortinet FortiAnalyzer, FortiManager, FortiOS, and FortiProxy.
Technical Analysis
CVE-2026-24858 can be exploited remotely over the network without requiring physical or adjacent access, significantly expanding the attack surface for threat actors.
The vulnerability requires no privileges and no user interaction, making it a prime target for automated exploitation campaigns and worm-like propagation.
A successful exploit results in a complete confidentiality breach (data exposure), full integrity compromise (data manipulation), and availability disruption (denial of service), reflected in a CVSS base score of 9.8.
CISA has added CVE-2026-24858 to the Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation in the wild. U.S. federal agencies are required to patch this within the mandated timeframe, and all organizations should treat remediation as urgent.
News & Research Mentioning CVE-2026-24858
Source: CISA Alerts (Siemens advisory)
Fortinet has published information on vulnerabilities in FORTIOS. This advisory lists the related Siemens Industrial products. Siemens has released a new version for RUGGEDCOM APE1808 and recommends updating to the latest version.
The following versions of Siemens RUGGEDCOM APE1808 Devices are affected: RUGGEDCOM APE1808 vers:all/*, vers:all/* (CVE-2026-24858, CVE-2025-55018, CVE-2025-62439, CVE-2025-64157).
CVSS v3: 9.8
Vendor: Siemens
Equipment: Siemens RUGGEDCOM APE1808 Devices
Vulnerabilities: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling'); Improper Verification of Source of a Communication Channel; Use of Externally-Controlled Format String; Authentication Bypass Using an Alternate Path or Channel
Recommended Actions
- Apply vendor patches immediately
- Monitor CVE-2026-24858 in threat intel feeds
- Review IDS/IPS signatures for exploitation attempts
- CISA KEV: Federal agencies must patch per BOD 22-01 timeline
- Active exploitation confirmed: treat as P1