CVEFinder.io

CVE-2026-24858

⛔ critical
🔍 Scan for this CVE
Summary

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager 7.4.0 through 7.4.9, FortiManager 7.2.0 through 7.2.11, FortiManager 7.0.0 through 7.0.15, FortiNAC-F 7.6.3 through 7.6.5, FortiOS 7.6.0 through 7.6.5, FortiOS 7.4.0 through 7.4.10, FortiOS 7.2.0 throu

Description

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager 7.4.0 through 7.4.9, FortiManager 7.2.0 through 7.2.11, FortiManager 7.0.0 through 7.0.15, FortiNAC-F 7.6.3 through 7.6.5, FortiOS 7.6.0 through 7.6.5, FortiOS 7.4.0 through 7.4.10, FortiOS 7.2.0 through 7.2.12, FortiOS 7.0.0 through 7.0.18, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4.0 through 7.4.12, FortiProxy 7.2.0 through 7.2.15, FortiProxy 7.0.0 through 7.0.22, FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.

CVSS Score
9.8
Critical
EPSS Score
4.8
Exploit Probability
Published Date
2026-01-27
First Seen: 2026-01-28
📊 Relative Risk Intelligence

This CVE is Very High Risk - more severe than 90.5% of all 326,604 vulnerabilities in our database.

#31,067
Top 10% most severe
Severity Percentile
🎯 CISA SSVC Assessment Updated: Jan 28, 2026
🔍 Exploitation Status
Active
Exploits detected in the wild
⚙️ Automatable
YES
Can be exploited automatically
💥 Technical Impact
Total
Complete system compromise possible
SSVC data provided by CISA
Last Modified 2026-06-09
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE IDs (Weakness Types)
CWE-288

📦 Affected Products 25

Vendor Product Status Affected Versions
fortinet fortios Affected
≥ 7.0.0 ≤ 7.0.18
fortinet fortios Affected
≥ 7.2.0 ≤ 7.2.12
fortinet fortios Affected
≥ 7.4.0 < 7.4.11
fortinet fortios Affected
≥ 7.6.0 ≤ 7.6.5
fortinet fortios Affected
> 7.6.0 < 7.6.6
fortinet fortiweb Affected
≥ 7.4.0 ≤ 7.4.11
fortinet fortiweb Affected
≥ 7.6.0 ≤ 7.6.6
fortinet fortiweb Affected
≥ 8.0.0 ≤ 8.0.3
fortinet fortianalyzer Affected
≥ 7.0.0 ≤ 7.0.15
fortinet fortianalyzer Affected
≥ 7.2.0 ≤ 7.2.11
fortinet fortianalyzer Affected
≥ 7.4.0 < 7.4.10
fortinet fortianalyzer Affected
≥ 7.6.0 < 7.6.5
fortinet fortianalyzer Affected
> 7.6.0 < 7.6.6
fortinet fortimanager Affected
≥ 7.0.0 ≤ 7.0.15
fortinet fortimanager Affected
≥ 7.2.0 ≤ 7.2.11
fortinet fortimanager Affected
≥ 7.4.0 < 7.4.10
fortinet fortimanager Affected
≥ 7.6.0 ≤ 7.6.5
fortinet fortimanager Affected
> 7.6.0 < 7.6.6
fortinet fortiproxy Affected
> 7.0.0 < 7.0.22
fortinet fortiproxy Affected
> 7.2.0 < 7.2.15
fortinet fortiproxy Affected
≥ 7.0.0 ≤ 7.4.12
fortinet fortiproxy Affected
> 7.4.0 < 7.4.12
fortinet fortiproxy Affected
≥ 7.6.0 ≤ 7.6.4
siemens ruggedcom_ape1808_firmware Affected
v-
fortinet fortinac-f Affected
> 7.6.3 < 7.6.6

🔗 References 4

https://fortiguard.fortinet.com/psirt/FG-IR-26-060
Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa...
Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities...
US Government Resource
https://www.fortinet.com/blog/psirt-blogs/analysis-o...
Mitigation Vendor Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-0257 ⛔ critical 9.1 58.8 Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software al... 2026-05-13
CVE-2025-53844 ⚠️ high 8.8 0.0 A out-of-bounds write vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 ... 2026-05-12
CVE-2025-67604 🔶 medium 5.3 0.1 A use of potentially dangerous function vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0... 2026-05-12
CVE-2025-53847 🔶 medium 6.5 0.0 A missing authentication for critical function vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 thro... 2026-04-14
CVE-2026-39811 🔶 medium 4.9 0.1 A integer overflow or wraparound vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, F... 2026-04-14
CVE-2026-39814 🔶 medium 6.7 0.0 A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb... 2026-04-14
These CVEs affect the same products