CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-24858

criticalknown exploitedcovered by 1 sourcefirst seen 2026-01-27
Actively exploited. CVE-2026-24858 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2026-01-27) — exploitation has been observed in the wild, and US federal agencies are required to remediate it under BOD 22-01. Treat patching as urgent.
Fortinet FortiAnalyzer, FortiManager, FortiOS, and FortiProxy contain an authentication bypass using an alternate path or channel that could allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.

CSIRTS triage

What
An authentication bypass vulnerability allows attackers to log into devices registered to other accounts.
Who is affected
Users with FortiCloud accounts and registered devices are affected.
Urgency
Immediate remediation is necessary due to active exploitation and critical severity.
Action
Implement the recommended security updates from Fortinet.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch CVE-2026-24858

Get an email if CVE-2026-24858 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2026-24858

CVE.org record

CISA KEV catalog

Embed the live status

CVE-2026-24858 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-24858 status](https://www.csirts.com/badge/CVE-2026-24858)](https://www.csirts.com/cve/CVE-2026-24858)