Newly disclosed vulnerability Common Vulnerabilities and Exposures (CVE)-2026-24858 [Common Weakness Enumeration (CWE)-288: Authentication Bypass Using an Alternate Path or Channel] allows malicious actors with a FortiCloud account and a registered device to log in to separate devices registered to other users in FortiOS, FortiManager, FortiWeb, FortiProxy, and FortiAnalyzer, if FortiCloud single sign on (SSO) is enabled on devices.
Users are vulnerable to CVE-2026-24858 even if they updated Fortinet devices to address previously disclosed FortiCloud SSO bypass vulnerabilities CVE-2025-59718 and CVE-2025-59719 [CWE-347: Improper Verification of Cryptographic Signature]. CVE-2025-59718 and CVE-2025-59719 affect FortiOS, FortiWeb, FortiProxy, and FortiSwitch Manager, and allow malicious actors to bypass the SSO login authentication via a crafted Security Assertion Markup Language (SAML) message.
Read more…
Source: U.S. Cybersecurity and Infrastructure Security Agency
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Researchers remotely exploit devices used to manage safe aircraft landings and takeoffs
February 3, 2024
Criminals could remotely tamper with the data that apps used by airplane pilots rely on to inform safe takeoff and landing procedures, according to fresh research. In a scenario that elicits strong memories of that nail-biting flight scene from Die Hard 2, researchers investigating electronic flight bags (EFBs) found the app used by Airbus pilots was ...
- Cloudflare blames previous Okta breach for November 2023 cyberattack
February 2, 2024
Cloudflare is laying the blame for the cyberattack it suffered late last year the after-effects of the critical Okta breach. The content delivery service provider has published a blog post detailing the cybersecurity incident it suffered on Thanksgiving Day 2023, noting that on November 23, 2023, a threat actor accessed the company’s self-hosted Atlassian server. Read more… Source: ...
- There Are Too Many Damn Honeypots
February 2, 2024
Determining the number of internet-facing hosts affected by a new vulnerability is a key factor in determining if it will become a widespread or emergent threat. Are there a lot of hosts affected? Pretty good possibility things are about to pop off. Only a few hosts? Probably less likely. But actually, counting those hosts has become ...
- Apple warns of “privacy and security threats” after EU requires it to allow sideloading
January 30, 2024
Despite several warnings about the risks, Apple will allow European iPhone owners to install apps obtained from outside the official App store (sideloading). These drastic changes are brought about to comply with the European Union’s (EU) Digital Markets Act (DMA). The Digital Markets Act (DMA) establishes a set of clearly defined objective criteria to identify “gatekeepers”. ...
- Satellites and the specter of IoT attacks
January 26, 2024
In the vast expanse of space, satellites orbit silently, serving as the connected backbone of our modern world. A fast-proliferating network of satellites forms the critical infrastructure that supports global communication, navigation, weather forecasting, defensive operations and more. Today’s global space economy is huge, forecasted to total more than $600 billion annually in 2024. Internet of ...
- CVE-2024-0204: Critical Authentication Bypass in Fortra GoAnywhere MFT
January 24, 2024
On January 22, 2024, Fortra published a security advisory on CVE-2024-0204, a critical authentication bypass affecting its GoAnywhere MFT secure managed file transfer product prior to version 7.4.1. The vulnerability is remotely exploitable and allows an unauthorized user to create an admin user via the administration portal. Fortra lists the root cause of CVE-2024-0204 as CWE-425: ...