CVE-2026-24858

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager 7.4.0 through 7.4.9, FortiManager 7.2.0 through 7.2.11, FortiManager 7.0.0 through 7.0.15, FortiOS 7.6.0 through 7.6.5, FortiOS 7.4.0 through 7.4.10, FortiOS 7.2.0 through 7.2.12, FortiOS 7.0.0 through 7.0.18, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4.0 through 7.4.12, FortiProxy 7.2.0 through 7.2.15, FortiProxy 7.0.0 through 7.0.22, FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.

Published: Jan 27, 2026
Updated: Jan 30, 2026
CVE: CVE-2026-24858
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-288

Affected Software
References

Software	From	Fixed in
fortinet / fortianalyzer	7.0.0	7.0.15.x
fortinet / fortianalyzer	7.2.0	7.2.11.x
fortinet / fortianalyzer	7.4.0	7.4.10
fortinet / fortimanager	7.0.0	7.0.15.x
fortinet / fortimanager	7.2.0	7.2.11.x
fortinet / fortimanager	7.4.0	7.4.10
fortinet / fortiproxy	7.6.0	7.6.4.x
fortinet / fortiweb	7.4.0	7.4.11.x
fortinet / fortiweb	7.6.0	7.6.6.x
fortinet / fortiweb	8.0.0	8.0.3.x
fortinet / fortios	7.0.0	7.0.18.x
fortinet / fortios	7.2.0	7.2.12.x
fortinet / fortios	7.4.0	7.4.11
fortinet / fortianalyzer	7.6.0	7.6.6
fortinet / fortimanager	7.6.0	7.6.6
fortinet / fortiproxy	7.0.0	7.0.22.x
fortinet / fortiproxy	7.2.0	7.2.15.x
fortinet / fortiproxy	7.4.0	7.4.12.x
fortinet / fortios	7.6.0	7.6.6

Vulnerability Database

322,129

CVE-2026-24858

Deep Security Visibility Without the Complexity