Fortinet's Critical Flaw: Active Exploitation and Patch Release (2026)

A critical security flaw in Fortinet's FortiOS has been exploited in the wild, leaving organizations vulnerable! Fortinet is now scrambling to patch CVE-2026-24858, a severe vulnerability with a CVSS score of 9.4.

The issue revolves around an authentication bypass in FortiOS's single sign-on (SSO) feature, which also affects FortiManager and FortiAnalyzer. This flaw could allow an attacker to log into devices registered to other accounts, potentially compromising sensitive data. But here's where it gets controversial: the FortiCloud SSO login, which is at the heart of this issue, is not even enabled by default! It is only activated when an administrator registers the device to FortiCare, unless they intentionally switch the setting off.

Recently, Fortinet confirmed that threat actors were exploiting a new attack path to gain SSO access without authentication. This access was then used to create admin accounts, modify configurations, and steal firewall settings. The company has taken swift action, locking malicious accounts and temporarily disabling FortiCloud SSO.

To ensure security, Fortinet advises customers to update their software, check for unauthorized changes, and rotate credentials. The U.S. CISA has also added CVE-2026-24858 to its Known Exploited Vulnerabilities catalog, requiring federal agencies to address the issue promptly.

This incident highlights the importance of staying vigilant against emerging threats. But it also raises questions: should organizations rely on default settings for security? And what responsibility do vendors bear when their products are exploited?


Author: Zonia Mosciski DO
