Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Fortinet security patch release for CVE-2026-24858

Security Patch Release
First reported
Last updated
Happening score
H score 55
1 unique sources, 1 articles

Summary

Hide ▲

Fortinet began releasing security updates for CVE-2026-24858, a critical FortiOS authentication-bypass flaw that also affects FortiManager and FortiAnalyzer. The release matters because the flaw is actively exploited in the wild and can let attackers abuse FortiCloud SSO access to reach other devices. Customers must move to the latest firmware for FortiCloud SSO authentication to keep working.

Related Happenings

Fortinet security patch release for CVE-2026-44277

Security Patch Release
First: 12.05.2026 21:23 Last: 12.05.2026 21:23 Sources 1

About this happening: Fortinet released **security updates** for **FortiSandbox** and **FortiAuthenticator** to fix **two critical vulnerabilities** that could let an **unauthenticated attacker** execu...

Open Happening

Fortinet FortiClient EMS emergency patch release (CVE-2026-35616, CVE-2026-21643)

Security Patch Release
First: 07.04.2026 12:26 Last: 07.04.2026 12:26 Sources 1

About this happening: **Fortinet** released an **emergency hotfix** for **FortiClient Enterprise Management Server (EMS)** after confirming **active exploitation** of **CVE-2026-35616**, a critical fla...

Open Happening

FortiGate exposed management interface exploitation wave

Exploitation Wave
First: 21.02.2026 16:49 Last: 21.02.2026 16:49 Sources 1

About this happening: **FortiGate** management interfaces were hit by an **automated exploitation wave** that abused **internet-exposed ports** and **commonly reused credentials** to compromise **600+...

Open Happening

Russian-speaking hacker AI-assisted FortiGate breach campaign

Campaign
First: 21.02.2026 15:50 Last: 21.02.2026 15:50 Sources 1

About this happening: The **Russian-speaking** threat actor ran an **AI-assisted FortiGate breach campaign** from **January 11 to February 18, 2026**, compromising **over 600 FortiGate devices** across...

Open Happening

Fortinet FortiClientEMS security update for CVE-2026-21643

Security Patch Release
First: 10.02.2026 06:38 Last: 10.02.2026 06:38 Sources 1

About this happening: Fortinet released **security updates** for **FortiClientEMS** to fix **CVE-2026-21643**, a critical **SQL injection** flaw that could let an **unauthenticated attacker** execute a...

Open Happening

Timeline

  3. 28.01.2026 06:49 1 articles · 3mo ago

    Fortinet restores FortiCloud SSO with vulnerable-version blocks

    Untyped Phase

    Fortinet re-enabled FortiCloud SSO on the FortiCloud side but blocked login from devices running vulnerable versions, forcing customers to upgrade before FortiCloud SSO authentication would function.

    Show sources
    Open in new tab
  4. 28.01.2026 06:49 2 articles · 3mo ago

    Fortinet discloses CVE-2026-24858 and CISA sets remediation urgency

    Initial Disclosure

    Fortinet released security updates for CVE-2026-24858, a CVSS 9.4 authentication bypass in FortiOS single sign-on that also affects FortiManager and FortiAnalyzer; an attacker with a FortiCloud account and a registered device may log into other devices when FortiCloud SSO authentication is enabled, and Fortinet said the flaw is under active exploitation while it continues checking whether FortiWeb and FortiSwitch Manager are affected. The same disclosure also led CISA to add CVE-2026-24858 to the Known Exploited Vulnerabilities catalog and require Federal Civilian Executive Branch agencies to remediate by January 30, 2026.

    Show sources
    Open in new tab