FortiGate firewalls CVE-2020-12812 active exploitation wave
Exploitation Wave
Summary
FortiGate firewalls with LDAP-enabled authentication paths are facing an active exploitation wave tied to CVE-2020-12812, a 2FA-bypass flaw in FortiOS. Attackers can abuse the weakness to log in to unpatched systems without the second factor when the username case is changed. The activity matters because the vulnerable configuration remains exposed in real-world deployments and the abuse is still occurring in the wild.
Cases
Related Happenings
SonicWall Gen6 SSL-VPN MFA-bypass flaw (CVE-2024-12802)
Vulnerability
First: 21.05.2026 00:19
Last: 21.05.2026 00:19
Sources 1
About this happening:
Researchers confirmed **first-in-the-wild exploitation** of **CVE-2024-12802** against **SonicWall Gen6 SSL-VPN appliances**, showing that incomplete remediation can leave **MFA b...
Cisco security patch release for CVE-2026-20184
Security Patch Release
First: 16.04.2026 14:27
Last: 16.04.2026 14:27
Sources 1
About this happening:
**Cisco** released patches for **four critical flaws** affecting **Identity Services Engine (ISE)**, **ISE-PIC**, and **Webex Services**, closing paths to **arbitrary code executi...
F5 BIG-IP APM active exploitation wave (CVE-2025-53521)
Exploitation Wave
First: 02.04.2026 11:25
Last: 02.04.2026 11:25
Sources 1
About this happening:
As of **2026-04-02**, ongoing attacks are exploiting **CVE-2025-53521** against **F5 BIG-IP APM** systems, leaving more than **14,000** exposed online and at risk of remote code e...
UniFi Network Application path traversal flaw (CVE-2026-22557)
Vulnerability
First: 19.03.2026 15:00
Last: 19.03.2026 15:00
Sources 1
About this happening:
**CVE-2026-22557** in the **UniFi Network Application** is a **path traversal** flaw affecting **version 10.1.85 and earlier** that can expose files and enable **possible account...
Cisco Catalyst SD-WAN Controller/Manager authentication-bypass flaw (CVE-2026-20127)
Vulnerability
First: 26.02.2026 08:13
Last: 26.02.2026 08:13
Sources 1
About this happening:
The **CVE-2026-20127** flaw in **Cisco Catalyst SD-WAN Controller** and **Catalyst SD-WAN Manager** is being **actively exploited** to let unauthenticated attackers bypass authent...
Timeline
29.12.2025 13:16 2 articles · 4mo ago
FortiGate firewalls CVE-2020-12812 active exploitation wave
Initial Disclosure
The current phase is defined by **ongoing in-the-wild abuse** of **CVE-2020-12812** against **FortiGate firewalls** that expose **LDAP-linked** authentication flows. Systems with the vulnerable local-user and remote-authentication setup can still be logged into without the second factor when the username case is altered.
- Fortinet warns of 5-year-old FortiOS 2FA bypass still exploited in attacks — www.bleepingcomputer.com — 29.12.2025 13:16