The CCN-CERT, of the National Cryptologic Center, is alerting to the active exploitation of vulnerability CVE-2026-24858, published by Fortinet in its latest security advisory and related to FortiOS single sign-on (SSO). This vulnerability would allow a remote attacker with a FortiCloud account to bypass authentication mechanisms and log in to other users' devices if FortiCloud SSO is enabled.

Recommendations

The CCN-CERT recommends that all organizations take the following actions immediately:
• Update affected products to the patched versions published by Fortinet.
• Verify if FortiCloud SSO is enabled and review recent administrative access.
• Monitor the Indicators of Compromise (IoCs) published by the vendor to detect potential exploitation attempts.
• Treat any signs of compromise as a serious security incident and activate the corresponding response procedures.