Fortinet Releases Patches for Actively Exploited Critical SSO Authentication Bypass Vulnerability in FortiOS
Breaking NewsHackingSecurityCVE-2026-24858FortinetFortiOS SSOHacking NewsInformation Security NewsIT Information SecurityPierluigi PaganiniSecurity AffairsSecurity News
Fortinet has released patches for a critical authentication bypass vulnerability in the Single Sign-On (SSO) feature of FortiOS (CVE-2026-24858, CVSS score 9.4), which is currently being actively exploited. The flaw affects FortiOS, FortiManager, and FortiAnalyzer, allowing attackers to bypass authentication via SSO. Security updates have been deployed to address this vulnerability. Fortinet is investigating whether other products are impacted. No specific disclosure date or exploitation start date has been mentioned.