【Vulnerability Alert】A Critical Security Vulnerability Has Been Identified in Fortinet FortiCloud SSO (CVE-2026-24858)

Publish date: 2026-01-30   Update date: 2026-01-30

Source: Ministry of education information & communication security contingency platform


Publication Number: TACERT-ANA-2026012901015454
Publication Time: 2026/01/29 13:11
Incident Type: ANA-Vulnerability Alert
Discovery Time: 2026/01/29 13:11
Impact Level: Low
[Subject]
【Vulnerability Alert】A Critical Security Vulnerability Has Been Identified in Fortinet FortiCloud SSO (CVE-2026-24858)

[Content]
Forwarded from TWCERTCC-200-202601-00000025

Fortinet has released a security advisory for a critical vulnerability in FortiCloud SSO (CVE-2026-24858, CVSS 9.8). It is an authentication bypass: an attacker who holds a FortiCloud account with at least one registered device can use FortiCloud SSO to log in to devices that are registered under other accounts.

Note: Fortinet reports that this vulnerability is being actively exploited. Apply the fixed versions listed below promptly; where an upgrade cannot be applied immediately, implement temporary mitigation measures to reduce exposure to attacks targeting this vulnerability.

Information Sharing Level: WHITE (information content can be publicly disclosed)

[Affected Platform]
FortiAnalyzer versions 7.6.0 through 7.6.5

FortiAnalyzer versions 7.4.0 through 7.4.9

FortiAnalyzer versions 7.2.0 through 7.2.11

FortiAnalyzer versions 7.0.0 through 7.0.15

FortiManager versions 7.6.0 through 7.6.5

FortiManager versions 7.4.0 through 7.4.9

FortiManager versions 7.2.0 through 7.2.11

FortiManager versions 7.0.0 through 7.0.15

FortiOS versions 7.6.0 through 7.6.5

FortiOS versions 7.4.0 through 7.4.10

FortiOS versions 7.2.0 through 7.2.12

FortiOS versions 7.0.0 through 7.0.18

FortiProxy versions 7.6.0 through 7.6.4

FortiProxy versions 7.4.0 through 7.4.12

FortiProxy all versions of 7.2

FortiProxy all versions of 7.0

[Recommended Actions]
Upgrade to the fixed release for your branch:
FortiAnalyzer version 7.6.6 or later

FortiAnalyzer version 7.4.10 or later

FortiAnalyzer version 7.2.12 or later

FortiAnalyzer version 7.0.16 or later

FortiManager version 7.6.6 or later

FortiManager version 7.4.10 or later

FortiManager version 7.2.13 or later

FortiManager version 7.0.16 or later

FortiOS version 7.6.6 or later

FortiOS version 7.4.11 or later

FortiOS version 7.2.13 or later

FortiOS version 7.0.19 or later

FortiProxy version 7.6.6 or later

FortiProxy version 7.4.13 or later

Note: no fixed release is listed for FortiProxy 7.2 or 7.0; migrate those deployments to a fixed, supported version.
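The affected and fixed version lists above are easy to misread when compared as strings (a naive compare puts "7.4.10" before "7.4.9"). The following checker is an added example, not Fortinet's or TWCERT's code: it transcribes the ranges from this advisory, compares versions numerically, handles the "all versions of 7.2 / 7.0" FortiProxy entries that have no fix, and flags builds that sit between the last listed affected build and the listed fix (FortiManager 7.2.12, FortiProxy 7.6.5) so they are confirmed with the vendor rather than silently treated as fixed. The inventory at the bottom is constructed sample data; product names and version strings are assumed to be already normalized (this does not parse CLI output).

```python
"""Check a device inventory against the CVE-2026-24858 affected/fixed lists.

Added example; ranges transcribed from the advisory text above, inventory is
constructed sample data.
"""
from dataclasses import dataclass
from typing import Optional, Tuple, List, Dict


def parse_version(s: str) -> Tuple[int, ...]:
    """'v7.4.10' -> (7, 4, 10). Integer tuples compare correctly: (7,4,10) > (7,4,9)."""
    return tuple(int(p) for p in s.strip().lstrip("vV").split("."))


@dataclass(frozen=True)
class Branch:
    lo: str                  # first affected build on this branch
    hi: Optional[str]        # last affected build; None = every build on the branch
    fixed: Optional[str]     # first fixed build; None = no fix, migrate


# Transcribed from [Affected Platform] and [Recommended Actions] above.
AFFECTED: Dict[str, List[Branch]] = {
    "FortiAnalyzer": [Branch("7.6.0", "7.6.5", "7.6.6"), Branch("7.4.0", "7.4.9", "7.4.10"),
                      Branch("7.2.0", "7.2.11", "7.2.12"), Branch("7.0.0", "7.0.15", "7.0.16")],
    "FortiManager":  [Branch("7.6.0", "7.6.5", "7.6.6"), Branch("7.4.0", "7.4.9", "7.4.10"),
                      Branch("7.2.0", "7.2.11", "7.2.13"), Branch("7.0.0", "7.0.15", "7.0.16")],
    "FortiOS":       [Branch("7.6.0", "7.6.5", "7.6.6"), Branch("7.4.0", "7.4.10", "7.4.11"),
                      Branch("7.2.0", "7.2.12", "7.2.13"), Branch("7.0.0", "7.0.18", "7.0.19")],
    "FortiProxy":    [Branch("7.6.0", "7.6.4", "7.6.6"), Branch("7.4.0", "7.4.12", "7.4.13"),
                      Branch("7.2.0", None, None), Branch("7.0.0", None, None)],
}


def assess(product: str, version: str) -> Tuple[str, str]:
    """Return (status, action) for one device.

    status is one of: affected, fixed, unlisted_below_fix, not_listed.
    """
    v = parse_version(version)
    for b in AFFECTED.get(product, []):
        lo = parse_version(b.lo)
        if v[:2] != lo[:2]:          # different major.minor branch
            continue
        if b.hi is None:             # whole branch affected, no fix available
            return "affected", f"no fix on {product} {lo[0]}.{lo[1]}; migrate to a fixed supported version"
        hi, fixed = parse_version(b.hi), parse_version(b.fixed)
        if lo <= v <= hi:
            return "affected", f"upgrade to {product} {b.fixed} or later"
        if v >= fixed:
            return "fixed", "no action"
        # Build is newer than the last listed affected build but older than the
        # listed fix (e.g. FortiManager 7.2.12): the advisory does not cover it.
        return "unlisted_below_fix", (f"not in the affected list but below {b.fixed}; "
                                      "confirm with the vendor before treating as fixed")
    return "not_listed", "product/branch not covered by this advisory"


def check_inventory(devices: List[Tuple[str, str, str]]) -> List[Dict[str, str]]:
    """devices: (hostname, product, version). Returns one finding per device."""
    out = []
    for host, product, version in devices:
        status, action = assess(product, version)
        out.append({"host": host, "product": product, "version": version,
                    "status": status, "action": action})
    return out


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("fw-edge-01", "FortiOS", "7.4.10"),
    ("fw-edge-02", "FortiOS", "v7.4.11"),
    ("fmg-01", "FortiManager", "7.2.12"),
    ("faz-01", "FortiAnalyzer", "7.0.15"),
    ("proxy-01", "FortiProxy", "7.2.8"),
    ("fw-legacy", "FortiOS", "6.4.15"),
]

if __name__ == "__main__":
    for f in check_inventory(SAMPLE_INVENTORY):
        print(f"{f['host']:12} {f['product']:14} {f['version']:8} {f['status']:19} {f['action']}")
```

Feed it the real inventory as (hostname, product, version) triples exported from your asset system; anything reported as `affected` or `unlisted_below_fix` goes on the upgrade list, and `not_listed` means only that the branch is outside this advisory, not that the device is safe.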

[Reference]
https://www.twcert.org.tw/tw/cp-169-10678-e5cd4-1.html
(This notification is for informational purposes only and does not constitute a cybersecurity incident.)
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw