CVE-2026-24858 · CRITICAL 9.8 · CISA KEV · EPSS p98.9%

CVE-2026-24858: Fortinet Multiple Products Authentication Bypass Using an Alternate Path or Channel Vulnerability

Fortinet / Multiple Products

Description

Fortinet FortiAnalyzer, FortiManager, FortiOS, and FortiProxy contain an authentication bypass using an alternate path or channel that could allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 55.13% probability of exploitation · percentile 98.9% · 2026-06-18T12:00:27Z
Published: 2026-01-27
Last modified: 2026-06-09

CISA KEV entry

Added to KEV: 2026-01-27

Underlying weaknesses · 1

CWE-288

References

  1. https://fortiguard.fortinet.com/psirt/FG-IR-26-060
  2. https://cert-portal.siemens.com/productcert/html/ssa-975644.html
  3. https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-24858
  4. https://www.fortinet.com/blog/psirt-blogs/analysis-of-sso-abuse-on-fortios

1

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Authentication Bypass Using an Alternate Path or Channel (cwe-288) | 0% | live |

(incoming) · 1

| Type | Target | Confidence | Tier |
|---|---|---|---|
| KEVEntry | Fortinet Multiple Products Authentication Bypass Using an Alternate Path or Channel Vulnerability (kev-cve-2026-24858) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE: CVE-2025-22862
  2. CVE: CVE-2022-40684
  3. CVE: Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability
  4. CVE: CVE-2026-44277
  5. CVE: CVE-2025-54821
  6. CVE: CVE-2026-49938

Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.