CVE-2026-24858: Fortinet Multiple Products Authentication Bypass Using an
Fortinet Multiple Products Authentication Bypass Using an Alternate Path or Channel Vulnerability. Fortinet FortiAnalyzer, FortiManager, FortiOS, and FortiProxy contain an authentication bypass using an alternate path or channel that could allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.
- CISA KEV-listed (remediation due 2026-01-30)
- EPSS 4.8% (89.7% percentile)