Fortinet, a major provider of enterprise cybersecurity solutions, has disclosed and patched a critical authentication bypass vulnerability affecting multiple Fortinet products that use FortiCloud Single Sign-On (SSO). Tracked as CVE-2026-24858, the issue is confirmed to be under active exploitation and could allow unauthorized administrative access to affected devices.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added it to its Known Exploited Vulnerabilities (KEV) catalog, directing federal agencies and organizations to remediate by January 30, 2026.
Fortinet has acknowledged real-world abuse of this flaw and confirmed that malicious FortiCloud accounts were used to target customer environments before being disabled. Given the central role Fortinet products play in network security, successful exploitation could lead to configuration tampering, credential exposure, and broader network compromise.
Understanding the Authentication Bypass
CVE-2026-24858 is an authentication bypass vulnerability related to FortiCloud SSO. An attacker with a FortiCloud account and a registered device could potentially bypass authentication controls and gain access to other Fortinet devices registered under different customer accounts, provided FortiCloud SSO is enabled.
The vulnerability impacts multiple Fortinet products, including:
- FortiOS
- FortiManager
- FortiAnalyzer
- FortiProxy
FortiCloud SSO is not enabled by default but is commonly activated during device registration or centralized management workflows. The risk is elevated in environments where FortiCloud SSO is used for administrative access through multiple devices or customer accounts.
Immediate Actions to Protect Your Network
To protect your environment and limit potential impact, ACA recommends the following steps:
- Apply Fortinet security patches immediately: Upgrade all affected Fortinet products to the latest fixed versions provided by Fortinet.
- Disable FortiCloud SSO if not required: Until patching is confirmed, ensure administrative login via FortiCloud SSO is disabled across all devices.
- Rotate credentials: Reset administrative credentials and review authentication integrations if compromise is suspected.
- Restrict management access: Limit exposure of management interfaces to trusted networks only and enforce MFA for all administrative access paths.
- Audit administrative access: Review device logs and configurations for signs of unauthorized access, including the creation of new or unexpected local administrator accounts.
ACA Solutions to Strengthen Your Defense
ACA Aponix helps firms strengthen their cybersecurity programs to mitigate risks from vulnerabilities. Our services include:
- Aponix Protect: Helps implement a robust patch management process that identifies and remediates vulnerabilities before they can be exploited.
- Aponix Business Continuity Plan (BCP) Assessment: Evaluates organizational preparedness for disruptions by identifying critical business functions, assessing key risks, and delivering actionable recommendations to strengthen resilience.
- Aponix Incident Response Tabletop Exercises: Evaluates readiness for cyber incidents by testing incident response plans, validating team roles, and identifying documentation or operational gaps.
Contact our experts to find out how ACA can help secure your firm against cyber threats and comply with regulatory expectations.