CVE-2026-24858

Summary

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager 7.4.0 through 7.4.9, FortiManager 7.2.0 through 7.2.11, FortiManager 7.0.0 through 7.0.15, FortiNAC-F 7.6.3 through 7.6.5, FortiOS 7.6.0 through 7.6.5, FortiOS 7.4.0 through 7.4.10, FortiOS 7.2.0 through 7.2.12, FortiOS 7.0.0 through 7.0.18, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4.0 through 7.4.12, FortiProxy 7.2.0 through 7.2.15, FortiProxy 7.0.0 through 7.0.22, FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiWeb8.0.0 <= 8.0.3affected
FortinetFortiWeb7.6.0 <= 7.6.6affected
FortinetFortiWeb7.4.0 <= 7.4.11affected
FortinetFortiNAC-F7.6.3 <= 7.6.5affected
FortinetFortiOS7.6.0 <= 7.6.5affected
FortinetFortiOS7.4.0 <= 7.4.10affected
FortinetFortiOS7.2.0 <= 7.2.12affected
FortinetFortiOS7.0.0 <= 7.0.18affected
FortinetFortiAnalyzer7.6.0 <= 7.6.5affected
FortinetFortiAnalyzer7.4.0 <= 7.4.9affected
FortinetFortiAnalyzer7.2.0 <= 7.2.11affected
FortinetFortiAnalyzer7.0.0 <= 7.0.15affected
FortinetFortiProxy7.6.0 <= 7.6.4affected
FortinetFortiProxy7.4.0 <= 7.4.12affected
FortinetFortiProxy7.2.0 <= 7.2.15affected
FortinetFortiProxy7.0.0 <= 7.0.22affected
FortinetFortiManager7.6.0 <= 7.6.5affected
FortinetFortiManager7.4.0 <= 7.4.9affected
FortinetFortiManager7.2.0 <= 7.2.11affected
FortinetFortiManager7.0.0 <= 7.0.15affected

Weaknesses

  • CWE-288: Improper access control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: yes
    • Technical Impact: total

Additional References

Additional References

References