CISA, security researchers warn FortiCloud SSO flaw is under attack

CISA, security researchers warn FortiCloud SSO flaw is under attack

The exploitation activity comes weeks after a similar authentication bypass vulnerability was found.

Fortinet Releases Guidance to Address Ongoing Exploitation of Authentication Bypass Vulnerability CVE-2026-24858

Fortinet Releases Guidance to Address Ongoing Exploitation of Authentication Bypass Vulnerability CVE-2026-24858 chayes Jan 28, 2026 Release DateJanuary 28, 2026 DescriptionNewly disclosed vulnerability Common Vulnerabilities and Exposures (CVE)-2026-24858 [Common Weakness Enumeration (CWE)-288: Authentication Bypass Using an Alternate Path or Channel] allows malicious actors with a FortiCloud account and a registered device to log in to separ…