🔴 CVE-2026-24858

Authentication bypass vulnerability in Fortinet FortiOS, FortiAnalyzer, and FortiManager allowing attackers with FortiCloud accounts to access other organizations' devices when FortiCloud SSO is enabled. CISA KEV listing indicates active exploitation in the wild.

Risk Level: HIGH_RISK
CVSS Score: 9.4
Attack Vector: NETWORK
ATT&CK Tactic: Initial Access
ATT&CK Technique: T1190 — Exploit Public-Facing Application
Deployment Risk: HIGH
Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2026-01-27

Added to CISA KEV: 2026-01-27 (0 days between CVE publication and KEV listing)

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-01-27)

There is no specific information available regarding CVE-2026-24858 in the provided search results. The results primarily discuss CISA's Known Exploited Vulnerabilities (KEV) Catalog and general information about vulnerabilities that have been actively exploited.

However, based on the general information about the KEV Catalog:

  • CISA Known Exploited Vulnerabilities status: CISA maintains a catalog of vulnerabilities that have been exploited in the wild, and organizations are advised to use this catalog for vulnerability management prioritization [2][3]. New vulnerabilities are added to this catalog based on evidence of active exploitation [4][5].
  • Evidence of active exploitation: The KEV Catalog is specifically populated with vulnerabilities that have demonstrated active exploitation [2][4].
  • Attack vectors and exploitation methods: One entry in the KEV Catalog mentions that an attacker can trigger a vulnerability by making an authenticated HTTP request, and the impacted product might be end-of-life or end-of-service [1]. This suggests that some vulnerabilities may require authentication to exploit.
  • Internet-facing applications or services, targeted attacks, and technical details about internet exploitability: The provided search results do not contain specific details about whether CVE-2026-24858 affects internet-facing applications, if it has been used in targeted attacks, or specific technical details regarding its internet exploitability.
To get information on CVE-2026-24858, you would need to consult a more specific vulnerability database or security advisory that directly addresses this CVE.

Sources

  1. Known Exploited Vulnerabilities Catalog

    An attacker can make an authenticated HTTP request to trigger this vulnerability. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS).

  2. Known Exploited Vulnerabilities Catalog - CISA

    For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catal…

  3. Reducing the Significant Risk of Known Exploited Vulnerabilities - CISA

    Learn about the importance of CISA's Known Exploited Vulnerability (KEV) catalog and how to use it to help build a collective resilience across the cybersecurity community.

  4. CISA Adds Five Known Exploited Vulnerabilities to Catalog

    CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

  5. CISA Adds One Known Exploited Vulnerability to Catalog

    CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.