
Administrative FortiCloud SSO authentication bypass - CVE-2026-24858

Our experts keep you up-to-date on critical cyber threats (CVEs)

A flaw in FortiCloud SSO allows an attacker to log into other people's devices with their own FortiCloud account, resulting in full admin access.


CVE-2026-24858 is a critical security flaw in several Fortinet products (FortiOS, FortiManager, FortiAnalyzer, FortiProxy and some FortiWeb versions) related to FortiCloud Single Sign-On (SSO).

A successful attack gives the attacker full administrative control over the target device. This CVE is being actively exploited, so it is important to take action promptly.

Due to a flaw in the way Fortinet devices validate FortiCloud SSO logins, an attacker with a valid FortiCloud account and their own registered device can log in to devices that are registered to other FortiCloud accounts.

A session intended for device X can thus be accepted by device Y: a typical case of authentication bypass using an alternate path or channel (CWE-288).

Take action

FortiCloud SSO no longer works on vulnerable devices until they are patched.

All affected versions are listed in the Fortinet advisory; in short:

  • Update FortiOS 7.0, 7.2, 7.4 and 7.6 to the latest patch release.
  • Do the same for FortiManager, FortiAnalyzer and FortiProxy.

Fortinet also describes a workaround.

Since FortiCloud SSO authentication no longer works on vulnerable versions, there is no strict need to disable it on your devices. If you still want to play it safe, it can be disabled as follows.

On FortiOS and FortiProxy:

System -> Settings -> Switch “Allow administrative login using FortiCloud SSO” to Off.

Or via the CLI:

config system global
    set admin-forticloud-sso-login disable
end

On FortiManager & FortiAnalyzer:

System Settings -> SAML SSO -> Switch “Allow admins to login with FortiCloud” to Off.

Or via the CLI:

config system saml
    set forticloud-sso disable
end
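If you manage many devices, the quickest way to confirm the workaround is to inspect configuration exports for the two settings above. The following Python snippet is an added example (not from Fortinet or the original post); the two configuration samples are constructed, and an absent setting is reported as "not set" because values at their default are omitted from a FortiOS config export, so the live value must still be confirmed on the device.

```python
import re

# Constructed sample of a FortiOS configuration export (not from a real device).
SAMPLE_FORTIOS_CONFIG = """\
config system global
    set admintimeout 30
    set admin-forticloud-sso-login enable
    set hostname "fw-example"
end
config system interface
    edit "port1"
        set ip 192.0.2.1 255.255.255.0
    next
end
"""

# Constructed sample of a FortiManager/FortiAnalyzer export with the workaround applied.
SAMPLE_FMG_CONFIG = """\
config system saml
    set status enable
    set forticloud-sso disable
end
"""

# Setting that controls admin login via FortiCloud SSO, per product family,
# using the names shown in the workaround above.
SSO_SETTINGS = {
    "system global": "admin-forticloud-sso-login",  # FortiOS / FortiProxy
    "system saml": "forticloud-sso",                # FortiManager / FortiAnalyzer
}

def _block(config_text, section):
    """Return the body of a top-level `config <section> ... end` block, or None."""
    pattern = r"^config %s\n(.*?)^end\s*$" % re.escape(section)
    m = re.search(pattern, config_text, re.S | re.M)
    return m.group(1) if m else None

def forticloud_sso_status(config_text):
    """Map each SSO setting present in the export to 'enable', 'disable' or 'not set'.

    'not set' means the default applies and is NOT proof that SSO login is off.
    """
    result = {}
    for section, key in SSO_SETTINGS.items():
        body = _block(config_text, section)
        if body is None:
            continue  # this product family does not have the section
        m = re.search(r"^\s*set %s (enable|disable)\b" % re.escape(key), body, re.M)
        result[key] = m.group(1) if m else "not set"
    return result

def needs_attention(config_text):
    """True unless every FortiCloud SSO admin-login setting found is explicitly disabled."""
    status = forticloud_sso_status(config_text)
    return not status or any(value != "disable" for value in status.values())
```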

Managed-Services customers are/were obviously already patched!

If you don't have a managed-services contract and have questions or need help fixing this issue, feel free to contact us at support@vanroey.be, phone 014 470 605, or create a ticket here.

Can't create tickets? Ask here to get an account. If our engineer needs to remotely control your PC, he or she will ask you to run this software.
