Fortinet has confirmed that attackers are actively bypassing a December patch for a critical FortiCloud single sign-on (SSO) authentication flaw after customers reported suspicious logins on devices ...

Fortinet has confirmed a new, actively exploited critical FortiCloud single sign-on (SSO) authentication bypass vulnerability, tracked as CVE-2026-24858, and says it has mitigated the zero-day attacks ...

Attackers are still targeting FortiOS, FortiManager, and FortiAnalyzer with FortiCloud SSO login enabled, creating admin accounts. This allows them to gain full control over devices. A functional ...

CISA added the flaw to its KEVs catalog as Fortinet warned that patches for most affected versions remain “upcoming,” even though vulnerable devices can no longer use cloud SSO until upgraded.

Vulnerabilities could allow an attacker to bypass single sign-on login protection; users should disable SSO until patching is complete. Admins using FortiCloud SSO (single sign on) to authenticate ...

Two critical SAML‑signature flaws (CVE‑2025‑59718/59719) let attackers bypass SSO across multiple Fortinet products Exploitation began December 12, with intruders pulling config files that expose ...

Fortinet confirmed that a new zero-day vulnerability under exploitation was the cause of a spate of malicious logins through FortiCloud's single sign-on (SSO) feature. The cybersecurity vendor on ...

Fortinet has released security updates to address two critical vulnerabilities in FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager that could allow attackers to bypass FortiCloud SSO ...