Code Defence Cyber security

Urgent: Fortinet Warns of Actively Exploited FortiCloud SSO Flaw (CVE-2026-24858)

Summary: Fortinet has issued a critical advisory for a zero-day authentication bypass vulnerability (CVE-2026-24858) in its FortiCloud Single Sign-On (SSO) service. Attackers are currently exploiting this flaw to bypass authentication mechanisms and gain administrative access to managed security fabric nodes.

Business Impact: Critical. If your security infrastructure uses FortiCloud for centralized management, an attacker could gain “System” level access to your firewalls and network gateways, allowing silent traffic interception and data exfiltration.

Why It Happened: A flaw in the way the SSO service validates session tokens allowed for “Token Replay” attacks, where a malicious actor could reuse a stolen or intercepted session ID to authenticate as a valid admin.

Recommended Executive Action: Patch Immediately. Review logs for any unauthorized logins to your FortiGate or FortiManager consoles originating from unfamiliar IP addresses in the last 72 hours. Enforce MFA via an external provider if possible.
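The log review recommended above can be scripted. The following is an added example, not code or a log schema from Fortinet or from this advisory. It assumes the admin event log is exported as key=value lines carrying `date`, `time`, `user`, `srcip`, `action` and `status` fields; the sample lines, the known management network and the function names are constructed for illustration.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Assumption: networks your administrators normally log in from.
KNOWN_ADMIN_NETS = [ipaddress.ip_network("192.0.2.0/24")]
WINDOW = timedelta(hours=72)  # look-back period named in the advisory

# Constructed sample lines (documentation IP ranges, not real logs).
SAMPLE_LOG = '''\
date=2026-01-27 time=09:12:44 type="event" user="admin" srcip=192.0.2.15 action="login" status="success"
date=2026-01-28 time=02:03:10 type="event" user="admin" srcip=203.0.113.77 action="login" status="success"
date=2026-01-28 time=02:05:31 type="event" user="netops" srcip=198.51.100.9 action="login" status="failed"
date=2026-01-20 time=23:40:02 type="event" user="admin" srcip=203.0.113.80 action="login" status="success"
this line is malformed and must be skipped
'''

KV = re.compile(r'(\w+)=("([^"]*)"|\S+)')

def parse_line(line):
    """Return the key=value fields of one line, with quotes stripped."""
    return {m.group(1): m.group(3) if m.group(3) is not None else m.group(2)
            for m in KV.finditer(line)}

def suspicious_logins(log_text, now, known_nets=KNOWN_ADMIN_NETS, window=WINDOW):
    """Successful logins inside the window whose source IP is not in known_nets."""
    hits = []
    for line in log_text.splitlines():
        f = parse_line(line)
        if f.get("action") != "login" or f.get("status") != "success":
            continue
        try:
            when = datetime.strptime(f["date"] + " " + f["time"], "%Y-%m-%d %H:%M:%S")
            ip = ipaddress.ip_address(f["srcip"])
        except (KeyError, ValueError):
            continue  # incomplete or malformed record
        if not (timedelta(0) <= now - when <= window):
            continue  # outside the 72-hour look-back
        if not any(ip in net for net in known_nets):
            hits.append((when, f.get("user", "?"), str(ip)))
    return hits

if __name__ == "__main__":
    for when, user, ip in suspicious_logins(SAMPLE_LOG, datetime(2026, 1, 29, 8, 0, 0)):
        print(f"{when:%Y-%m-%d %H:%M:%S}  user={user}  srcip={ip}")
```

Map the field names to whatever your FortiGate, FortiManager or SIEM export actually emits before relying on the result.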

Hashtags: #Fortinet #ZeroDay #SSO #AuthenticationBypass #CVE202624858 #NetworkSecurity
