[CIVN-2026-0059] Security Restriction Bypass Vulnerability in Fortinet Products

Published On: January 30, 2026

Security Restriction Bypass Vulnerability in Fortinet Products 
Indian Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: CRITICAL
Software Affected
FortiAnalyzer versions from 7.6.0 through 7.6.5
FortiAnalyzer versions from 7.4.0 through 7.4.9
FortiAnalyzer versions from 7.2.0 through 7.2.11
FortiAnalyzer versions from 7.0.0 through 7.0.15
FortiManager versions from 7.6.0 through 7.6.5
FortiManager versions from 7.4.0 through 7.4.9
FortiManager versions from 7.2.0 through 7.2.11
FortiManager versions from 7.0.0 through 7.0.15
FortiOS versions from 7.6.0 through 7.6.5
FortiOS versions from 7.4.0 through 7.4.10
FortiOS versions from 7.2.0 through 7.2.12
FortiOS versions from 7.0.0 through 7.0.18
FortiProxy versions from 7.6.0 through 7.6.4
FortiProxy versions from 7.4.0 through 7.4.12
FortiProxy versions from 7.2.0 through 7.2.15
FortiProxy versions from 7.0.0 through 7.0.22
Overview
An authentication bypass using an alternate path or channel vulnerability has been reported in multiple Fortinet products, which could allow an attacker to bypass security restrictions on the targeted system.
Target Audience
All end-user organizations and individuals using Fortinet Products.
Risk Assessment
High risk of unauthorized access to sensitive information.
Impact Assessment
Potential impact on system confidentiality, integrity, and availability due to full administrative access to affected devices.
Description
Fortinet FortiAnalyzer is a centralized logging, analytics, and reporting platform that provides visibility across Fortinet security devices. FortiManager is a centralized management platform used to configure and manage Fortinet security infrastructure. FortiOS is the unified operating system that serves as the common security and networking foundation across Fortinet products.
This vulnerability exists due to an authentication bypass using an alternate path or channel in the FortiCloud SSO mechanism, which allows administrative authentication via an unintended authentication path when FortiCloud SSO is enabled.
Successful exploitation may allow an attacker with a FortiCloud account to log in with administrative privileges, download device configuration files, and create new local administrator accounts to establish persistence on affected systems.
Note: This vulnerability (CVE-2026-24858) is being exploited in the wild. Users are strongly advised to apply the latest patches immediately.
Solution
Apply appropriate updates as mentioned by the vendor:
https://www.fortiguard.com/psirt/FG-IR-26-060
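To decide which devices need the vendor update, an inventory can be checked against the inclusive version ranges listed under "Software Affected" above. The script below is an added example, not part of the advisory or of any Fortinet tooling; the ranges are copied from this advisory, and the hostnames and versions in the sample inventory are constructed for the demonstration.

```python
"""Triage a device inventory against the affected ranges in CIVN-2026-0059
(CVE-2026-24858, FG-IR-26-060). Added example; ranges come from the advisory."""
from typing import Dict, List, Tuple

# (first affected, last affected) per product branch, inclusive, as listed in the advisory.
AFFECTED: Dict[str, List[Tuple[str, str]]] = {
    "FortiAnalyzer": [("7.6.0", "7.6.5"), ("7.4.0", "7.4.9"), ("7.2.0", "7.2.11"), ("7.0.0", "7.0.15")],
    "FortiManager":  [("7.6.0", "7.6.5"), ("7.4.0", "7.4.9"), ("7.2.0", "7.2.11"), ("7.0.0", "7.0.15")],
    "FortiOS":       [("7.6.0", "7.6.5"), ("7.4.0", "7.4.10"), ("7.2.0", "7.2.12"), ("7.0.0", "7.0.18")],
    "FortiProxy":    [("7.6.0", "7.6.4"), ("7.4.0", "7.4.12"), ("7.2.0", "7.2.15"), ("7.0.0", "7.0.22")],
}


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '7.4.10' into (7, 4, 10) so numeric comparison is used.
    A plain string comparison would rank '7.4.10' below '7.4.9'."""
    return tuple(int(part) for part in v.strip().lstrip("v").split("."))


def is_affected(product: str, version: str) -> bool:
    """True if product/version falls inside one of the advisory's inclusive ranges.
    Products or branches not listed in the advisory are reported as not affected."""
    ver = parse_version(version)
    return any(parse_version(lo) <= ver <= parse_version(hi)
               for lo, hi in AFFECTED.get(product, []))


def triage(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str]]:
    """Return (hostname, product, version) for every inventory entry that needs the update."""
    return [(host, prod, ver) for host, prod, ver in inventory if is_affected(prod, ver)]


# Constructed sample inventory (hostnames and versions are made up for this example).
SAMPLE_INVENTORY = [
    ("fw-edge-01", "FortiOS", "7.4.10"),     # inside 7.4.0 to 7.4.10 -> affected
    ("fw-edge-02", "FortiOS", "7.4.11"),     # past the listed range -> not affected
    ("mgr-01", "FortiManager", "7.2.11"),    # exactly the upper bound -> affected
    ("proxy-01", "FortiProxy", "7.6.5"),     # FortiProxy 7.6 range ends at 7.6.4 -> not affected
    ("fw-branch-03", "FortiOS", "6.4.15"),   # branch not listed in the advisory -> not affected
    ("faz-01", "FortiAnalyzer", "7.0.0"),    # exactly the lower bound -> affected
]

if __name__ == "__main__":
    for host, prod, ver in triage(SAMPLE_INVENTORY):
        print(f"{host}: {prod} {ver} is in an affected range for CVE-2026-24858; update per FG-IR-26-060")
```

Branches the advisory does not list are reported as not affected by this script, so treat "not affected" as "not covered by this advisory", not as a statement about the vendor's full PSIRT entry.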
References
Fortinet
https://www.fortiguard.com/psirt/FG-IR-26-060
CVE Name
CVE-2026-24858
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
