vulnerability

Fortinet FortiOS: CVE-2026-24858: Authentication Bypass Using an Alternate Path or Channel Vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
10	(AV:N/AC:L/Au:N/C:C/I:C/A:C)	Jan 27, 2026	Feb 2, 2026	Feb 3, 2026

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

Jan 27, 2026

Added

Feb 2, 2026

Modified

Feb 3, 2026

Description

An Authentication Bypass Using an Alternate Path or Channel vulnerability in FortiOS 7.6.0 through 7.6.5, FortiOS 7.4.0 through 7.4.10, FortiOS 7.2.0 through 7.2.12, FortiOS 7.0.0 through 7.0.18, may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.

Solution

fortios-upgrade-latest

References

CVE-2026-24858
https://attackerkb.com/topics/CVE-2026-24858
CWE-288
URL-https://www.fortiguard.com/psirt/FG-IR-26-060

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today