POSTING DATE: 2026/01/29

[VULNERABILITY ALERT] Major Security Vulnerability in Fortinet's FortiCloud SSO (CVE-2026-24858)


  • Content Description:
    • Forwarded from Taiwan Computer Emergency Response Team/Coordination Center (TWCERTCC) Security Alert TWCERTCC-200-202601-00000025
    • Fortinet has published a security advisory for a major vulnerability in FortiCloud SSO (CVE-2026-24858, CVSS: 9.8). It is an authentication bypass: an attacker who has a FortiCloud account and a registered device can log into other devices registered to different accounts. Note: Fortinet has observed attackers exploiting this vulnerability; apply temporary mitigation measures immediately to prevent potential attacks.
  • Affected Platforms:
    • FortiAnalyzer versions 7.6.0 to 7.6.5
    • FortiAnalyzer versions 7.4.0 to 7.4.9
    • FortiAnalyzer versions 7.2.0 to 7.2.11
    • FortiAnalyzer versions 7.0.0 to 7.0.15
    • FortiManager versions 7.6.0 to 7.6.5
    • FortiManager versions 7.4.0 to 7.4.9
    • FortiManager versions 7.2.0 to 7.2.11
    • FortiManager versions 7.0.0 to 7.0.15
    • FortiOS versions 7.6.0 to 7.6.5
    • FortiOS versions 7.4.0 to 7.4.10
    • FortiOS versions 7.2.0 to 7.2.12
    • FortiOS versions 7.0.0 to 7.0.18
    • FortiProxy versions 7.6.0 to 7.6.4
    • FortiProxy versions 7.4.0 to 7.4.12
    • All FortiProxy 7.2 versions
    • All FortiProxy 7.0 versions
  • Recommended Actions:
    • Please update to the following versions:
    • FortiAnalyzer 7.6.6 and later
    • FortiAnalyzer 7.4.10 and later
    • FortiAnalyzer 7.2.12 and later
    • FortiAnalyzer 7.0.16 and later
    • FortiManager 7.6.6 and later
    • FortiManager 7.4.10 and later
    • FortiManager 7.2.13 and later
    • FortiManager 7.0.16 and later
    • FortiOS 7.6.6 and later
    • FortiOS 7.4.11 and later
    • FortiOS 7.2.13 and later
    • FortiOS 7.0.19 and later
    • FortiProxy 7.6.6 and later
    • FortiProxy 7.4.13 and later
    • Note: For FortiProxy 7.2 and FortiProxy 7.0, please migrate to a fixed version.

Respectfully,
Network Systems Division, Computer and Communication Center