CISA, security researchers warn FortiCloud SSO flaw is under attack

The flaw, tracked as CVE-2026-24858, allows an attacker with a registered device and a FortiCloud account to access devices ...
SecurityWeek

Fortinet Patches Exploited FortiCloud SSO Authentication Bypass

Fortinet has released patches for CVE-2026-24858, an authentication bypass exploited in the wild to compromise devices.
Dark Reading

Fortinet Confirms New Zero-Day Behind Malicious SSO Logins

To stop the ongoing attacks, the cybersecurity vendor took the drastic step of temporarily disabling FortiCloud single ...
CSO Online

Fortinet confirms new zero-day attacks against customer devices

All SAML SSO implementations, including FortiCloud SSO, are vulnerable to authentication bypass and malicious configuration ...
The Hacker News

Fortinet Patches CVE-2026-24858 After Active FortiOS SSO Exploitation Detected

Fortinet released updates for an actively exploited FortiOS SSO authentication bypass flaw, CVE-2026-24858, now listed by CISA in KEV.

Fortinet blocks exploited FortiCloud SSO zero day until patch is ready

Fortinet has confirmed a new, actively exploited critical FortiCloud single sign-on (SSO) authentication bypass vulnerability ...
The Hacker News

Fortinet Confirms Active FortiCloud SSO Bypass on Fully Patched FortiGate Firewalls

Fortinet confirms active exploitation of a FortiCloud SSO authentication bypass affecting fully patched FortiGate devices via ...

Fortinet unearths another critical bug as SSO accounts borked post-patch

Those hoping for a reprieve following last week's patch pantomime are out of luck. After users reported successful ...

Fortinet confirms critical FortiCloud auth bypass not fully patched

Days after admins began reporting that their fully patched firewalls are being hacked, Fortinet confirmed it's working to ...
CSO Online

Critical FortiCloud SSO zero‑day forces emergency service disablement at Fortinet

CISA added the flaw to its KEVs catalog as Fortinet warned that patches for most affected versions remain “upcoming,” even though vulnerable devices can no longer use cloud SSO until upgraded.