CVE-2026-24858 Articles

Fortinet Patches FortiCloud SSO Authentication Bypass Under Active Exploitation

CVE-2026-24858 allows attackers with any FortiCloud account to authenticate to other customers' devices. Arctic Wolf observed automated exploitation creating backdoor admin accounts within seconds.

January 27, 2026 Fortinet zero-day vulnerability

Automated Attacks Exploit FortiCloud SSO to Hijack FortiGate Firewalls

Arctic Wolf detected automated attacks on FortiGate devices starting January 15, exploiting CVE-2026-24858 (CVSS 9.8) to create backdoor admin accounts. Fortinet temporarily suspended FortiCloud SSO globally to contain the threat.

January 22, 2026 Fortinet FortiGate zero-day