Skip to main content
See every side of every news story
Get Started
SubscribeLogin
Published loading...Updated

Fortinet blocks exploited FortiCloud SSO zero day until patch is ready

Fortinet blocked FortiCloud single sign-on access globally to stop attacks exploiting a critical zero-day vulnerability allowing unauthorized admin access, with patches still in development.

Summary by BleepingComputer
Fortinet has confirmed a new, actively exploited critical FortiCloud single sign-on (SSO) authentication bypass vulnerability, tracked as CVE-2026-24858, and says it has mitigated the zero-day attacks by blocking FortiCloud SSO connections from devices running vulnerable firmware versions.

8 Articles

CyberScoopCyberScoop
Center

Fortinet’s latest zero-day vulnerability carries frustrating familiarities for customers

Fortinet customers are confronting another actively exploited zero-day vulnerability that allows attackers to bypass authentication in the single sign-on flow for FortiCloud and gain privileged access to multiple Fortinet firewall products and related services. The vendor issued a security advisory for the vulnerability — CVE-2026-24858 — warning that some instances of exploitation already occurred earlier this month. Fortinet has yet to release…

Read Full Article
BleepingComputerBleepingComputer
Center

Fortinet blocks exploited FortiCloud SSO zero day until patch is ready

Fortinet has confirmed a new, actively exploited critical FortiCloud single sign-on (SSO) authentication bypass vulnerability, tracked as CVE-2026-24858, and says it has mitigated the zero-day attacks by blocking FortiCloud SSO connections from devices running vulnerable firmware versions.

Read Full Article
eSecurityPlaneteSecurityPlanet

Fortinet Confirms CVE-2026-24858 SSO Flaw Under Active Attack

Fortinet confirmed active exploitation of an authentication bypass flaw in FortiCloud SSO that could lead to administrative takeover of affected systems. The issue allows unauthorized attackers to log in to devices they do not own, bypassing expected account boundaries. This vulnerability “… may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentica…

Read Full Article
Clubic.comClubic.com

Fortinet Confirms New Critical Fault on Fortigate

After several days of blurring around a possible patch bypass, Fortinet confirms the active operation of a new zero-day fault related to FortiCloud SSO. Pending patches, the editor blocked the attacks directly on the server side.

Read Full Article
CSO OnlineCSO Online

Critical FortiCloud SSO zero‑day forces emergency service disablement at Fortinet

Open the article to view the coverage from CSO Online

Read Full Article
The Hacker NewsThe Hacker News

Fortinet Patches CVE-2026-24858 After Active FortiOS SSO Exploitation Detected

Fortinet has begun releasing security updates to address a critical flaw impacting FortiOS that has come under active exploitation in the wild. The vulnerability, assigned the CVE identifier CVE-2026-24858 (CVSS score: 9.4), has been described as an authentication bypass related to FortiOS single sign-on (SSO). The flaw also affects FortiManager and FortiAnalyzer. The company said it's

Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • 100% of the sources are Center
100% Center

Factuality Info Icon

To view factuality data please Upgrade to Premium

Ownership

Info Icon

To view ownership data please Upgrade to Vantage

BleepingComputer broke the news in on Tuesday, January 27, 2026.
Too Big Arrow Icon
Sources are mostly out of (0)

Similar News Topics

News
Feed Dots Icon
For You
Search Icon
SearchBlindspot LogoBlindspotLocal