CVE-2026-24858
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C
Summary
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager 7.4.0 through 7.4.9, FortiManager 7.2.0 through 7.2.11, FortiManager 7.0.0 through 7.0.15, FortiNAC-F 7.6.3 through 7.6.5, FortiOS 7.6.0 through 7.6.5, FortiOS 7.4.0 through 7.4.10, FortiOS 7.2.0 through 7.2.12, FortiOS 7.0.0 through 7.0.18, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4.0 through 7.4.12, FortiProxy 7.2.0 through 7.2.15, FortiProxy 7.0.0 through 7.0.22, FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Fortinet | FortiWeb | 8.0.0 <= 8.0.3 | affected |
| Fortinet | FortiWeb | 7.6.0 <= 7.6.6 | affected |
| Fortinet | FortiWeb | 7.4.0 <= 7.4.11 | affected |
| Fortinet | FortiNAC-F | 7.6.3 <= 7.6.5 | affected |
| Fortinet | FortiOS | 7.6.0 <= 7.6.5 | affected |
| Fortinet | FortiOS | 7.4.0 <= 7.4.10 | affected |
| Fortinet | FortiOS | 7.2.0 <= 7.2.12 | affected |
| Fortinet | FortiOS | 7.0.0 <= 7.0.18 | affected |
| Fortinet | FortiAnalyzer | 7.6.0 <= 7.6.5 | affected |
| Fortinet | FortiAnalyzer | 7.4.0 <= 7.4.9 | affected |
| Fortinet | FortiAnalyzer | 7.2.0 <= 7.2.11 | affected |
| Fortinet | FortiAnalyzer | 7.0.0 <= 7.0.15 | affected |
| Fortinet | FortiProxy | 7.6.0 <= 7.6.4 | affected |
| Fortinet | FortiProxy | 7.4.0 <= 7.4.12 | affected |
| Fortinet | FortiProxy | 7.2.0 <= 7.2.15 | affected |
| Fortinet | FortiProxy | 7.0.0 <= 7.0.22 | affected |
| Fortinet | FortiManager | 7.6.0 <= 7.6.5 | affected |
| Fortinet | FortiManager | 7.4.0 <= 7.4.9 | affected |
| Fortinet | FortiManager | 7.2.0 <= 7.2.11 | affected |
| Fortinet | FortiManager | 7.0.0 <= 7.0.15 | affected |
Weaknesses
- CWE-288: Improper access control
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: active
- Automatable: yes
- Technical Impact: total
Additional References
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-24858
- https://www.fortinet.com/blog/psirt-blogs/analysis-of-sso-abuse-on-fortios
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.