HIGHCISA AlertsAI REVIEWED2026-03-04 07:58:24

Fact-check: The article is sourced from CISA, a reliable government agency, and details a verified vulnerability (CVE-2026-24858) with observed exploitation, consistent with their role in critical infrastructure alerts. No contradictions were found in cross-referencing with general verified reporting, making it well-supported and trustworthy.

Fortinet Releases Guidance to Address Ongoing Exploitation of Authentication Bypass Vulnerability CVE-2026-24858

fortinetfortiosfortimanagercve-2026-24858authentication-bypasscisacritical-infrastructurenetwork-security

Fortinet has disclosed a new authentication bypass vulnerability (CVE-2026-24858) affecting FortiOS, FortiManager, FortiWeb, FortiProxy, and FortiAnalyzer when FortiCloud SSO is enabled, allowing attackers with a FortiCloud account to access devices registered to other users. Active exploitation has been observed, including unauthorized firewall configuration changes, account creation, and VPN modifications. Fortinet temporarily disabled FortiCloud SSO on January 26, 2026, reinstating it with mi

Fortinet Releases Guidance to Address Ongoing Exploitation of Authentication Bypass Vulnerability CVE-2026-24858

[Sources]