Quick Takeaways
- Federal authorities warn of a critical vulnerability in Fortinet FortiCloud SSO, allowing unauthorized access to devices linked to different accounts (CVE-2026-24858).
- Confirmed malicious activities include hackers altering firewall settings and creating unauthorized accounts to gain VPN access.
- Users who patched earlier vulnerabilities (CVE-2025-59718 and CVE-2025-59719) must upgrade again, as the new flaw is not protected by previous fixes.
- Fortinet disabled and later restored FortiCloud SSO access while advising users to upgrade to secure versions; around 10,000 vulnerable instances reported.
Critical Vulnerability Exploited
Federal authorities, along with security researchers, have issued urgent warnings about a significant flaw in Fortinet’s FortiCloud single sign-on (SSO) system. This vulnerability, known as CVE-2026-24858, allows attackers with a registered FortiCloud account to access other users’ devices. Consequently, these attackers can manipulate configurations on critical devices, posing a severe risk to cybersecurity.
Moreover, the Cybersecurity and Infrastructure Security Agency (CISA) has highlighted malicious activities stemming from this flaw. Attackers have exploited the weakness to change firewall settings and create unauthorized accounts. Reports indicate that approximately 10,000 vulnerable instances exist, emphasizing the urgency of addressing this issue. Notably, users who previously patched earlier vulnerabilities still face risks from this new flaw. Therefore, upgrading to the latest secure version becomes essential.
Industry Response and User Recommendations
In response to the growing threat, Fortinet temporarily disabled the FortiCloud SSO to curb potential exploitation. They have since restored access but have clarified that vulnerable devices will no longer receive support. This decision underscores the company’s commitment to security and proactive measures in safeguarding users.
Security researchers have noted a pattern in the exploitation of Fortinet products. Since mid-January, automated changes to firewall configurations indicated a coordinated attack. Attackers utilized generic accounts to gain persistent access, leading to unauthorized changes and data exfiltration. The similarities between this incident and earlier breaches raise concerns about the system’s ongoing vulnerabilities. As users navigate these challenges, following Fortinet’s upgrade guidelines becomes a vital step in enhancing their security posture and protecting sensitive information.
Stay Ahead with the Latest Tech Trends
Learn how the Internet of Things (IoT) is transforming everyday life.
Access comprehensive resources on technology by visiting Wikipedia.
