FortiGate SSL VPN active 2FA bypass (CVE-2020-12812)
Vulnerability
Summary
Hide ▲
Show ▼
Fortinet says CVE-2020-12812 is still being actively exploited, leaving over 10,000 Fortinet firewalls exposed to a 2FA bypass risk. The weakness affects FortiGate SSL VPN deployments that rely on LDAP and lets attackers log in without the second factor when the username case is changed. Fortinet already released fixes in July 2020, but unpatched systems remain vulnerable unless admins patch or disable username-case-sensitivity.
Cases
Related Happenings
FortiGate NGFW abuse campaign targeting healthcare, government, and managed service providers
Campaign
First: 10.03.2026 18:21
Last: 10.03.2026 18:21
Sources 1
About this happening:
A **new FortiGate abuse campaign** is using **FortiGate NGFW appliances** as entry points to breach victim networks, creating immediate risk for **healthcare**, **government**, an...
FortiGate NGFW abuse campaign targeting healthcare, government, and managed service providers
CampaignAbout this happening: A **new FortiGate abuse campaign** is using **FortiGate NGFW appliances** as entry points to breach victim networks, creating immediate risk for **healthcare**, **government**, an...
CyberStrikeAI observed on attacker infrastructure supporting FortiGate attack automation
Security Tool/Service
First: 03.03.2026 02:06
Last: 03.03.2026 02:06
Sources 1
About this happening:
**CyberStrikeAI** was observed on **attacker infrastructure** supporting a live **Fortinet FortiGate** attack campaign, showing the platform can be repurposed for offensive automa...
CyberStrikeAI observed on attacker infrastructure supporting FortiGate attack automation
Security Tool/ServiceAbout this happening: **CyberStrikeAI** was observed on **attacker infrastructure** supporting a live **Fortinet FortiGate** attack campaign, showing the platform can be repurposed for offensive automa...
FortiGate exposed management interface exploitation wave
Exploitation Wave
First: 21.02.2026 16:49
Last: 21.02.2026 16:49
Sources 1
About this happening:
**FortiGate** management interfaces were hit by an **automated exploitation wave** that abused **internet-exposed ports** and **commonly reused credentials** to compromise **600+...
FortiGate exposed management interface exploitation wave
Exploitation WaveAbout this happening: **FortiGate** management interfaces were hit by an **automated exploitation wave** that abused **internet-exposed ports** and **commonly reused credentials** to compromise **600+...
Russian-speaking hacker AI-assisted FortiGate breach campaign
Campaign
First: 21.02.2026 15:50
Last: 21.02.2026 15:50
Sources 1
About this happening:
The **Russian-speaking** threat actor ran an **AI-assisted FortiGate breach campaign** from **January 11 to February 18, 2026**, compromising **over 600 FortiGate devices** across...
Russian-speaking hacker AI-assisted FortiGate breach campaign
CampaignAbout this happening: The **Russian-speaking** threat actor ran an **AI-assisted FortiGate breach campaign** from **January 11 to February 18, 2026**, compromising **over 600 FortiGate devices** across...
CISA KEV remediation deadline for SolarWinds WHD CVE-2025-40551
Public Sector Action
First: 04.02.2026 07:50
Last: 04.02.2026 07:50
Sources 1
About this happening:
**CISA** added **CVE-2025-40551** in **SolarWinds Web Help Desk** to the **KEV catalog** and imposed **federal remediation deadlines**, turning a newly exploited flaw into a compl...
CISA KEV remediation deadline for SolarWinds WHD CVE-2025-40551
Public Sector ActionAbout this happening: **CISA** added **CVE-2025-40551** in **SolarWinds Web Help Desk** to the **KEV catalog** and imposed **federal remediation deadlines**, turning a newly exploited flaw into a compl...
Timeline
-
02.01.2026 18:01 3 articles · 4mo ago
FortiGate SSL VPN active 2FA bypass (CVE-2020-12812)
Initial DisclosureFortinet originally patched **CVE-2020-12812** in **July 2020** and recommended disabling **username-case-sensitivity** as a workaround for systems that could not be updated right away. The event reappeared in **January 2026** when Fortinet warned that attackers were still exploiting the flaw in vulnerable **FortiGate SSL VPN** configurations.
Show sources
- Over 10K Fortinet firewalls exposed to actively exploited 2FA bypass — www.bleepingcomputer.com — 02.01.2026 18:01
- Over 10K Fortinet firewalls exposed to actively exploited 2FA bypass — www.bleepingcomputer.com — 02.01.2026 18:01
- Fortinet warns of 5-year-old FortiOS 2FA bypass still exploited in attacks — www.bleepingcomputer.com — 29.12.2025 13:16