Authentication Bypass in Fortinet FortiAnalyzer and FortiManager Products
CVE-2026-24858
Key Information:
- Vendor
Fortinet
- Vendor
- CVE Published:
- 27 January 2026
Badges
What is CVE-2026-24858?
CVE-2026-24858 is a serious vulnerability affecting Fortinet's FortiAnalyzer and FortiManager products, which are integral to network security management and analysis. These products are designed to provide organizations with insights into their network performance, security monitoring, and management capabilities. The vulnerability exists due to an authentication bypass issue, which allows attackers to exploit a specific flaw in how FortiCloud single sign-on (SSO) authentication is implemented. If successful, an attacker with access to a FortiCloud account and a registered device could log into devices managed by other accounts, leading to unauthorized access.
This flaw is particularly concerning because it compromises the integrity of device authentication, potentially allowing cybercriminals to manipulate system settings, access sensitive data, or reconfigure security parameters without permission. Given that these products are widely used in enterprise environments, the implications of this vulnerability could include significant disruptions in security operations and the potential for broader impacts on organization-wide security postures.
Potential impact of CVE-2026-24858
-
Unauthorized Access to Sensitive Data: Exploiting this vulnerability could give attackers access to sensitive information stored on devices that are accessible through compromised accounts, leading to data breaches and exposure of confidential information.
-
System Manipulation and Misconfiguration: Attackers could potentially alter settings on FortiAnalyzer and FortiManager products, undermining the intended security measures and configurations, which could exacerbate vulnerabilities and lead to further attacks on the network.
-
Reputational Damage and Financial Losses: Organizations that fall victim to exploitation of this vulnerability may experience reputational harm, loss of customer trust, and potentially significant financial costs associated with incident response, remediation efforts, and legal liabilities stemming from data breaches.
CISA has reported CVE-2026-24858
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2026-24858 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
FortiAnalyzer 7.6.0 <= 7.6.5
FortiAnalyzer 7.4.0 <= 7.4.9
FortiAnalyzer 7.2.0 <= 7.2.11
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
EPSS Score
16% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- π₯
Vulnerability reached the number 1 worldwide trending spot
- π
Vulnerability started trending
- π‘
Public PoC available
- πΎ
Exploit known to exist
- π¦
CISA Reported
Vulnerability published
Vulnerability Reserved