Summary
Fortinet patched a critical authentication bypass vulnerability (CVE-2026-24858) in FortiOS and related products that attackers are actively exploiting to hijack devices and steal configurations. CISA has mandated that federal agencies remediate the flaw by the end of January 2026.
Take Action:
Make sure all your Fortinet devices are isolated from the internet and accessible from trusted networks only. If you use FortiCloud SSO, you must upgrade your firmware immediately because Fortinet has blocked vulnerable versions from using the SSO service.
This article was originally published on BeyondMachines