A staggering 3.28 million Fortinet devices are currently exposed through their web properties and at risk from a critical security flaw. The vulnerability, tracked as CVE-2026-24858, is a severe authentication bypass that is being actively exploited in the wild. Rated 9.4 on the CVSS scale, it affects multiple Fortinet product lines, including FortiOS, FortiManager, and others.
The vulnerability allows threat actors with access to FortiCloud to bypass authentication and gain unauthorized access to other organizations' devices. This is a critical issue as it enables cross-account device access, putting sensitive data and systems at risk.
Here's where it gets controversial: the feature that enables this vulnerability is disabled by default, but many administrators turn it on during device registration. That oversight is what has left more than 3 million devices exposed.
CISA has added this vulnerability to its Known Exploited Vulnerabilities catalog, urging immediate action with a remediation deadline. Fortinet confirmed active exploitation, identifying malicious accounts responsible for the attacks.
The threat actors leveraged the flaw to download device configurations and establish persistence by creating local admin accounts with familiar names. In response, Fortinet temporarily disabled FortiCloud SSO and then re-enabled it with version-based restrictions.
The vulnerability affects a wide range of Fortinet versions, and certain versions of FortiOS, FortiManager, and FortiAnalyzer require immediate patching. Patches are available; organizations that cannot patch immediately are advised to disable FortiCloud SSO and to review their admin accounts for unauthorized users.
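The two interim mitigations above (disable FortiCloud SSO, audit admin accounts) can be checked against an exported configuration backup rather than by clicking through each device. The following script is an added example written for this article, not code from Fortinet or from the original post. It parses a small constructed FortiOS-style config, flags the SSO login setting if it is enabled, and lists administrator accounts that are not on an allowlist. The CLI keys it looks for (`admin-forticloud-sso-login` under `config system global`, and `config system admin` for local administrators) are assumptions based on FortiOS CLI conventions; confirm them against your own firmware's documentation before relying on the output.

```python
import re

# Constructed sample FortiOS-style configuration backup (not from the article
# or from Fortinet). The keys below are assumptions about the FortiOS CLI:
# 'admin-forticloud-sso-login' under 'config system global' is assumed to
# control FortiCloud SSO admin login; 'config system admin' lists local admins.
# The "admin_support" account is a constructed stand-in for an account an
# administrator would not recognise, not a real indicator from the article.
SAMPLE_CONFIG = """\
config system global
    set hostname "edge-fw-01"
    set admin-forticloud-sso-login enable
end
config system admin
    edit "admin"
        set accprofile "super_admin"
        set vdom "root"
    next
    edit "netops"
        set accprofile "super_admin"
        set trusthost1 10.0.0.0 255.255.255.0
    next
    edit "admin_support"
        set accprofile "super_admin"
        set vdom "root"
    next
end
"""

# Administrator accounts the organisation expects to exist (constructed allowlist).
KNOWN_ADMINS = {"admin", "netops"}


def parse_sections(config_text):
    """Split a FortiOS-style config into {top-level section name: [lines]}.

    Only top-level 'config ...' blocks start a section; nested config/end pairs
    are tracked with a depth counter so they stay inside their parent section.
    """
    sections = {}
    current = None
    depth = 0
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            depth += 1
            if depth == 1:
                current = line[len("config "):]
                sections[current] = []
                continue
        elif line == "end":
            depth -= 1
            if depth == 0:
                current = None
                continue
        if current is not None:
            sections[current].append(line)
    return sections


def forticloud_sso_enabled(sections):
    """True if the (assumed) SSO login key is explicitly set to 'enable'.

    The article states the feature is disabled by default, so an absent key
    is treated as disabled.
    """
    for line in sections.get("system global", []):
        m = re.match(r"set admin-forticloud-sso-login (\w+)", line)
        if m:
            return m.group(1) == "enable"
    return False


def list_admins(sections):
    """Return {admin account name: access profile} from 'config system admin'."""
    admins = {}
    name = None
    for line in sections.get("system admin", []):
        m = re.match(r'edit "([^"]+)"', line)
        if m:
            name = m.group(1)
            admins[name] = None
            continue
        m = re.match(r'set accprofile "([^"]+)"', line)
        if m and name is not None:
            admins[name] = m.group(1)
        if line == "next":
            name = None
    return admins


def review_config(config_text, known_admins):
    """Produce a list of findings: SSO still enabled, and admins not on the allowlist."""
    sections = parse_sections(config_text)
    findings = []
    if forticloud_sso_enabled(sections):
        findings.append("FortiCloud SSO admin login is enabled; disable until patched")
    for name, profile in sorted(list_admins(sections).items()):
        if name not in known_admins:
            findings.append(f"unexpected admin account '{name}' (profile {profile})")
    return findings


if __name__ == "__main__":
    for finding in review_config(SAMPLE_CONFIG, KNOWN_ADMINS):
        print(finding)
```

Run it against a real backup by replacing `SAMPLE_CONFIG` with the file contents and `KNOWN_ADMINS` with your documented administrator list; any account it flags should be cross-checked against change records before being removed, since the article notes attackers chose names that look familiar.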
This issue highlights the importance of staying vigilant and proactive in cybersecurity. With over 3 million devices at risk, it's a stark reminder of the potential consequences of overlooked vulnerabilities.
Stay tuned for more cybersecurity updates, and feel free to share your thoughts and experiences in the comments. Are there any specific measures you've taken to address this vulnerability? We'd love to hear your insights and learn from your experiences.