Find notable cyber news and cases, enriched with sources, timelines, and signals.

FortiGate SSL VPN active 2FA bypass (CVE-2020-12812)

Vulnerability
First reported
Last updated
Happening score
H score 72
1 unique sources, 2 articles

Summary

Hide ▲

Fortinet says CVE-2020-12812 is still being actively exploited, leaving over 10,000 Fortinet firewalls exposed to a 2FA bypass risk. The weakness affects FortiGate SSL VPN deployments that rely on LDAP and lets attackers log in without the second factor when the username case is changed. Fortinet already released fixes in July 2020, but unpatched systems remain vulnerable unless admins patch or disable username-case-sensitivity.

Cases

Related Happenings

FortiBleed Fortinet/FortiGate VPN credential leak

Data Leak
H score80 First: 17.06.2026 18:12 Last: 17.06.2026 18:12 Sources 1

About this happening: **FortiBleed** is a **data leak** of **Fortinet/FortiGate VPN credentials** that now includes a verified database of **86,644 confirmed working credentials** collected from **inte...

Latest development: 19.06.2026 09:47

CISA urged Fortinet customers to secure FortiGate appliances after nearly 74,000 firewall and VPN credentials were exposed in the FortiBleed leak. The agency advised affected owners to terminate SSL VPN and administrative sessions, reset VPN and administrative passwords, enable phishing-resistant multifactor authentication, review logs for unauthorized access or lateral movement, store admin credentials with PBKDF2, restrict firewall management interfaces from public internet access, and remove unauthorized accounts.

Fortinet FortiSandbox multi-CVE exploitation wave

Exploitation Wave
H score49 First: 16.06.2026 12:19 Last: 16.06.2026 12:19 Sources 1

About this happening: **Fortinet FortiSandbox** is facing an **active exploitation wave** that puts **affected deployments** at risk of **unauthenticated remote code execution** and **privilege escalat...

FortiClient EMS CVE-2026-35616 exploitation wave

Exploitation Wave
H score56 First: 28.05.2026 18:26 Last: 28.05.2026 18:26 Sources 1

About this happening: **CVE-2026-35616** exploitation in **FortiClient Enterprise Management Server (EMS)** is being used to deliver the undocumented credential stealer **EKZ**. Attackers are abusing u...

FortiGate NGFW abuse campaign targeting healthcare, government, and managed service providers

Campaign
H score44 First: 10.03.2026 18:21 Last: 10.03.2026 18:21 Sources 1

About this happening: A **new FortiGate abuse campaign** is using **FortiGate NGFW appliances** as entry points to breach victim networks, creating immediate risk for **healthcare**, **government**, an...

CyberStrikeAI observed on attacker infrastructure supporting FortiGate attack automation

Security Tool/Service
H score22 First: 03.03.2026 02:06 Last: 03.03.2026 02:06 Sources 1

About this happening: **CyberStrikeAI** was observed on **attacker infrastructure** supporting a live **Fortinet FortiGate** attack campaign, showing the platform can be repurposed for offensive automa...

Timeline

  1. 02.01.2026 18:01 3 articles · 6mo ago

    FortiGate SSL VPN active 2FA bypass (CVE-2020-12812)

    Initial Disclosure

    Fortinet originally patched **CVE-2020-12812** in **July 2020** and recommended disabling **username-case-sensitivity** as a workaround for systems that could not be updated right away. The event reappeared in **January 2026** when Fortinet warned that attackers were still exploiting the flaw in vulnerable **FortiGate SSL VPN** configurations.

    Show sources