Fortinet Products Security Restriction Bypass Vulnerability
Release Date: 28 Jan 2026
RISK: High Risk
TYPE: Operating Systems - Networks OS
A vulnerability has been identified in Fortinet Products. A remote attacker could exploit this vulnerability to trigger security restriction bypass on the targeted system.
Note:
CVE-2026-24858 is being exploited in the wild. An Authentication Bypass Using an Alternate Path or Channel vulnerability in Fortinet products may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices. Hence, the risk level is rated as High Risk.
Impact
- Security Restriction Bypass
System / Technologies affected
- FortiAnalyzer 7.0 version 7.0.0 through 7.0.15
- FortiAnalyzer 7.2 version 7.2.0 through 7.2.11
- FortiAnalyzer 7.4 version 7.4.0 through 7.4.9
- FortiAnalyzer 7.6 version 7.6.0 through 7.6.5
- FortiManager 7.0 version 7.0.0 through 7.0.15
- FortiManager 7.2 version 7.2.0 through 7.2.11
- FortiManager 7.4 version 7.4.0 through 7.4.9
- FortiManager 7.6 version 7.6.0 through 7.6.5
- FortiOS 7.0 version 7.0.0 through 7.0.18
- FortiOS 7.2 version 7.2.0 through 7.2.12
- FortiOS 7.4 version 7.4.0 through 7.4.10
- FortiOS 7.6 version 7.6.0 through 7.6.5
- FortiProxy 7.0 all versions
- FortiProxy 7.2 all versions
- FortiProxy 7.4 version 7.4.0 through 7.4.12
- FortiProxy 7.6 version 7.6.0 through 7.6.4
Solutions
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
沒有留言:
發佈留言