CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2026-24858

CVSS 9.8v3.1pub. 2026-01-27upd. 2026-06-09

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager 7.4.0 through 7.4.9, FortiManager 7.2.0 through 7.2.11, FortiManager 7.0.0 through 7.0.15, FortiNAC-F 7.6.3 through 7.6.5, FortiOS 7.6.0 through 7.6.5, FortiOS 7.4.0 through 7.4.10, FortiOS 7.2.0 through 7.2.12, FortiOS 7.0.0 through 7.0.18, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4.0 through 7.4.12, FortiProxy 7.2.0 through 7.2.15, FortiProxy 7.0.0 through 7.0.22, FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.

🤖 AI Analysis
How it works

The flaw lies in improper user identity verification during the authentication process through an alternative path or channel (FortiCloud SSO). An attacker, having their own legitimate FortiCloud account and at least one registered device, can bypass standard access controls and authenticate to devices belonging to other organizations or accounts, provided those devices have FortiCloud SSO enabled. The SSO mechanism improperly isolates sessions and identities between different tenants, creating a pathway for unauthorized access.

Impact

An attacker can gain full unauthorized access to Fortinet devices of other organizations — potentially taking control of network configuration, firewalls, management and analysis systems. The consequences include breach of confidentiality, integrity, and availability of protected systems (CVSS C:H/I:H/A:H).

Mitigation & patch

Immediately apply patches available from the vendor according to references (https://fortiguard.fortinet.com/psirt/FG-IR-26-060). Until updates are installed, it is recommended to disable FortiCloud SSO functionality on all affected devices. Due to active exploitation (CISA KEV), remediation actions should be taken immediately.

Who is affected

FortiAnalyzer 7.0.0–7.0.15, 7.2.0–7.2.11, 7.4.0–7.4.9, 7.6.0–7.6.5; FortiManager 7.0.0–7.0.15, 7.2.0–7.2.11, 7.4.0–7.4.9, 7.6.0–7.6.5; FortiNAC-F 7.6.3–7.6.5; FortiOS 7.0.0–7.0.18, 7.2.0–7.2.12, 7.4.0–7.4.10, 7.6.0–7.6.5; FortiProxy 7.0.0–7.0.22, 7.2.0–7.2.15, 7.4.0–7.4.12, 7.6.0–7.6.4; FortiWeb 7.4.0–7.4.11, 7.6.0–7.6.6, 8.0.0–8.0.3. A necessary condition is that FortiCloud SSO functionality is enabled.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Fortinet Fortianalyzer

    APP
    Fortinet
    7.6.0 – 7.6.6 (bez)7.0.0 – 7.0.157.2.0 – 7.2.117.4.0 – 7.4.10 (bez)
  • Fortinet Fortimanager

    APP
    Fortinet
    7.4.0 – 7.4.10 (bez)7.0.0 – 7.0.157.2.0 – 7.2.117.6.0 – 7.6.6 (bez)
  • Fortinet Fortinac F

    APP
    Fortinet
    7.6.3 – 7.6.6 (bez)
  • Fortinet FortiOS

    OS
    Fortinet
    7.6.0 – 7.6.6 (bez)7.0.0 – 7.0.187.2.0 – 7.2.127.4.0 – 7.4.11 (bez)
  • Fortinet Fortiproxy

    APP
    Fortinet
    7.4.0 – 7.4.127.0.0 – 7.0.227.2.0 – 7.2.157.6.0 – 7.6.4
  • Fortinet Fortiweb

    APP
    Fortinet
    8.0.0 – 8.0.37.6.0 – 7.6.67.4.0 – 7.4.11
  • Siemens Ruggedcom Ape1808

    HW
    Siemens
    wszystkie wersje
  • Siemens Ruggedcom Ape1808 Firmware

    OS
    Siemens
    wszystkie wersje

CISA KEV — detailsi

Vendori
Fortinet
Producti
Multiple Products
Added to KEVi
January 27, 2026
Remediation deadline (US Federal)i
January 30, 2026(overdue)
Required action (CISA)i

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CISA descriptioni

Fortinet FortiAnalyzer, FortiManager, FortiOS, and FortiProxy contain an authentication bypass using an alternate path or channel that could allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 30 stycznia 2026
Tags
Auth BypassFirewall
CWE
References

Related vulnerabilities

CVE-2026-0300CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Buffer overflow RCE z uprawnieniami root w PAN-OS Captive Portal

CVE-2025-59718CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Fortinet FortiOS/FortiProxy/FortiSwitchManager — Auth Bypass przez SAML

CVE-2025-64446CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Path Traversal w Fortinet FortiWeb umożliwiający zdalne wykonanie poleceń

CVE-2025-25257CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Krytyczna podatność SQL Injection w Fortinet FortiWeb — obejście uwierzytelnienia

CVE-2024-55591CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Authentication Bypass w FortiOS i FortiProxy — przejęcie uprawnień super-admin