Vulnerability Management, Patch/Configuration Management

Actively exploited Fortinet FortiCloud zero-day patched

Data exposed of more than 15K Fortinet FortiGate firewalls. (Adobe Stock)

Fortinet has issued emergency updates to address the critical FortiCloud SSO authentication bypass vulnerability, tracked as CVE-2026-24858, after momentarily deactivating FortiCloud SSO and blocking FortiCloud accounts observed in zero-day intrusions earlier this month, reports SecurityWeek.

Abuse of CVE-2026-24858 could facilitate more extensive compromise for threat actors with FortiCloud account and registered device access, according to Fortinet, which confirmed the flaw to have been harnessed to target FortiGate firewalls that were patched against the critical FortiCloud SSO login bugs, tracked as CVE-2025-59718 and CVE-2025-59719. Immediate upgrades to FortiAnalyzer version 7.4.10, FortiManager version 7.4.10, and FortiOS version 7.4.11 have been recommended to prevent potential compromise. Fortinet also confirmed the inclusion of fixes in FortiAnalyzer versions 7.6.6, 7.2.12, and 7.0.16, FortiManager versions 7.6.6, 7.2.13, and 7.0.16, FortiOS versions 7.6.6, 7.2.13, and 7.0.19, and FortiProxy versions 7.6.6 and 7.4.13.

Federal agencies have been ordered to address CVE-2026-24858 by Jan. 30 following the bug's inclusion to the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds