Close Menu
Compliance

Fortinet Uncovers Zero-Day Exploit Targeting SSO Logins

Staff WriterBy No Comments2 Mins Read2 Views

Top Highlights

  1. Zero-Day Vulnerability: Fortinet’s new zero-day vulnerability, CVE-2026-24858, allows attackers to exploit the FortiCloud single sign-on feature, facilitating unauthorized access to devices.

  2. Critical Authentication Flaw: The vulnerability boasts a critical CVSS score of 9.8 and enables attackers with a FortiCloud account to log into other users’ devices, posing significant security risks.

  3. Exploitation Awareness: The issue has led to malicious logins on Fortinet devices, even on those patched against a prior vulnerability (CVE-2025-59718), raising concerns of potential new attack vectors.

  4. Mitigation Actions: In response, Fortinet disabled FortiCloud SSO temporarily for all accounts, encouraged device upgrades, and identified around 10,000 exposed systems still utilizing the vulnerable feature.

Fortinet Confirms Critical Zero-Day Vulnerability

Fortinet recently confirmed a new zero-day vulnerability, CVE-2026-24858. This issue leads to malicious logins via FortiCloud’s single sign-on (SSO) feature. The vulnerability carries a CVSS score of 9.8, marking it as critical. Attackers can exploit this flaw to log in as another user if SSO is enabled on the device. Fortunately, Fortinet states that the SSO feature does not activate by default. However, administrators can unintentionally enable it during device registration.

Despite the risks, it remains unclear how many devices have this feature turned on. Fortinet has not yet responded to inquiries about the extent of the exposure. As organizations increasingly rely on cloud services, they must remain vigilant against potential security gaps like this one.

Response and Mitigation Steps

The emergence of CVE-2026-24858 follows reports of ongoing malicious activity targeting Fortinet devices. Users on a community forum reported continued issues, even on patched devices. In light of these findings, Fortinet’s Chief Information Security Officer confirmed that the company was investigating possible new attack methods.

To combat these threats, Fortinet temporarily disabled the FortiCloud SSO feature for all accounts. They re-enabled it shortly after, but with limitations: affected devices can no longer support SSO login. Additionally, they advised all users to upgrade their devices to secure versions. According to recent scans, the number of exposed Fortinet instances with SSO enabled has dropped, yet thousands remain vulnerable. As cyber threats evolve, organizations must stay informed and proactive to safeguard their networks effectively.

Discover More Technology Insights

Stay informed on the revolutionary breakthroughs in Quantum Computing research.

Stay inspired by the vast knowledge available on Wikipedia.

CyberRisk-V1

Share.
Avatar photo

John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Related Posts

Comments are closed.