Find notable cyber news and cases, enriched with sources, timelines, and signals.

FortiOS SSL VPN CVE-2020-12812 mitigation advisory

Advisory/Mitigation
First reported
Last updated
Happening score
H score 47
2 unique sources, 2 articles

Summary

Hide ▲

Fortinet issued a December 24, 2025 mitigation advisory for CVE-2020-12812, warning that certain FortiOS SSL VPN configurations can let admin or VPN users authenticate without 2FA. The company told customers to disable username sensitivity or remove the secondary LDAP group path so login attempts cannot fall through to the bypass condition. If there is evidence of successful abuse, Fortinet also advised impacted customers to contact support and reset all credentials.

Cases

Related Happenings

FortiBleed Fortinet credential-theft campaign

Campaign
H score89 First: 19.06.2026 13:48 Last: 19.06.2026 13:48 Sources 1

About this happening: The **FortiBleed** Happening is a global **Fortinet credential-theft** campaign affecting **FortiGate firewall** and **SSL VPN** customers. The **UK’s NCSC** issued guidance after...

Latest development: 22.06.2026 11:30

The UK’s National Cyber Security Centre issued guidance for Fortinet customers impacted by FortiBleed after the campaign exposed around 75,000 credentials from FortiGate firewall and SSL VPN customers. The NCSC urged affected organizations to use Hudson Rock’s or SOCRadar’s FortiBleed checker tools and then review indicators of compromise such as unauthorized account creation and unexpected activity in log files.

SonicWall Gen6 SSL-VPN MFA-bypass flaw (CVE-2024-12802)

Vulnerability
H score50 First: 21.05.2026 00:19 Last: 21.05.2026 00:19 Sources 1

About this happening: Researchers confirmed **first-in-the-wild exploitation** of **CVE-2024-12802** against **SonicWall Gen6 SSL-VPN appliances**, showing that incomplete remediation can leave **MFA b...

Fortinet security patch release for CVE-2026-44277

Security Patch Release
H score39 First: 12.05.2026 21:23 Last: 12.05.2026 21:23 Sources 1

About this happening: Fortinet released **security updates** for **FortiSandbox** and **FortiAuthenticator** to fix **two critical vulnerabilities** that could let an **unauthenticated attacker** execu...

Cisco security patch release for CVE-2026-20184

Security Patch Release
H score44 First: 16.04.2026 14:27 Last: 16.04.2026 14:27 Sources 1

About this happening: **Cisco** released patches for **four critical flaws** affecting **Identity Services Engine (ISE)**, **ISE-PIC**, and **Webex Services**, closing paths to **arbitrary code executi...

Fortinet FortiClient EMS emergency patch release (CVE-2026-35616, CVE-2026-21643)

Security Patch Release
H score53 First: 07.04.2026 12:26 Last: 07.04.2026 12:26 Sources 1

About this happening: **Fortinet FortiClient EMS** is a **security-patch release** happening centered on **CVE-2026-35616** and **CVE-2026-21643**. Fortinet issued an **out-of-band emergency hotfix** a...

Latest development: 28.05.2026 18:26

Arctic Wolf observed threat actors abusing FortiClient Endpoint Management Server (EMS) and CVE-2026-35616 in May 2026 to modify EMS-managed configuration, disguise FortiEndpoint_Patch.exe as a Fortinet endpoint update, and use fortitray.exe, cmd.exe, and a Base64-encoded PowerShell chain to download malware and exfiltrate browser data to 83.138.53[.]110.

Timeline

  1. 25.12.2025 10:22 2 articles · 6mo ago

    Fortinet issues CVE-2020-12812 mitigation guidance

    Mitigation Patch Update

    Fortinet issued updated guidance for CVE-2020-12812 affecting FortiOS SSL VPN deployments where local users with 2FA reference LDAP, warning that username case mismatches can cause FortiGate to fall through to LDAP authentication and let admin or VPN users sign in without 2FA. The company advised affected customers to use the fixed FortiOS releases, disable username sensitivity on newer versions, remove the secondary LDAP group if it is not required, and contact support and reset credentials if there is evidence of unauthorized authentication.

    Show sources