CVE-2024-55591: Fortinet FortiOS and FortiProxy Authentication Bypass

Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability. Fortinet FortiOS and FortiProxy contain an authentication bypass vulnerability that may allow an unauthenticated, remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module.

• CISA KEV-listed (remediation due 2025-01-21)
• used in ransomware campaigns
• EPSS 94.1% (99.9% percentile)

Related briefings

• 166 Victims in 33 Countries: NightSpire's Global Expansion in Numbers 2026-03-15
• Spectral Flux (NightSpire): Threat Actor Profile and Technical Analysis 2026-03-07
• NightSpire Kill Chain: How a FortiOS Zero-Day Became Ransomware's Favorite Front Door 2026-02-01

Browse the CVE database

Read the full analysis on IntelFusions