CVE-2026-24858
CVE-2026-24858
In short
A flaw in Fortinet products allows attackers with a FortiCloud account to log into other users' devices if FortiCloud SSO is enabled. This bypasses normal authentication and gives unauthorized access to sensitive systems.
Technical detail
Authentication bypass via alternate channel (CWE-288) affecting multiple Fortinet products when FortiCloud SSO is enabled. An attacker with any valid FortiCloud account and registered device can authenticate as other users on unrelated devices. The vulnerability exploits improper validation of SSO credentials across device boundaries.
Summary generated and translated by AI from the official description.
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager 7.4.0 through 7.4.9, FortiManager 7.2.0 through 7.2.11, FortiManager 7.0.0 through 7.0.15, FortiNAC-F 7.6.3 through 7.6.5, FortiOS 7.6.0 through 7.6.5, FortiOS 7.4.0 through 7.4.10, FortiOS 7.2.0 through 7.2.12, FortiOS 7.0.0 through 7.0.18, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4.0 through 7.4.12, FortiProxy 7.2.0 through 7.2.15, FortiProxy 7.0.0 through 7.0.22, FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C
Affected products
Fortinet · FortiAnalyzerFortinet · FortiManagerFortinet · FortiNAC-FFortinet · FortiOSFortinet · FortiProxyFortinet · FortiWebWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →