CVE-2026-24858

EUVD-2026-4712

27.01.2026, 20:16

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager 7.4.0 through 7.4.9, FortiManager 7.2.0 through 7.2.11, FortiManager 7.0.0 through 7.0.15, FortiNAC-F 7.6.3 through 7.6.5, FortiOS 7.6.0 through 7.6.5, FortiOS 7.4.0 through 7.4.10, FortiOS 7.2.0 through 7.2.12, FortiOS 7.0.0 through 7.0.18, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4.0 through 7.4.12, FortiProxy 7.2.0 through 7.2.15, FortiProxy 7.0.0 through 7.0.22, FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 98%

Affected Products (NVD)

Vendor	Product	Version
fortinet	fortianalyzer	7.0.0 ≤ 𝑥 ≤ 7.0.15
fortinet	fortianalyzer	7.2.0 ≤ 𝑥 ≤ 7.2.11
fortinet	fortianalyzer	7.4.0 ≤ 𝑥 < 7.4.10
fortinet	fortianalyzer	7.6.0 ≤ 𝑥 < 7.6.6
fortinet	fortimanager	7.0.0 ≤ 𝑥 ≤ 7.0.15
fortinet	fortimanager	7.2.0 ≤ 𝑥 ≤ 7.2.11
fortinet	fortimanager	7.4.0 ≤ 𝑥 < 7.4.10
fortinet	fortimanager	7.6.0 ≤ 𝑥 < 7.6.6
fortinet	fortinac-f	7.6.3 ≤ 𝑥 < 7.6.6
fortinet	fortiproxy	7.0.0 ≤ 𝑥 ≤ 7.0.22
fortinet	fortiproxy	7.2.0 ≤ 𝑥 ≤ 7.2.15
fortinet	fortiproxy	7.4.0 ≤ 𝑥 ≤ 7.4.12
fortinet	fortiproxy	7.6.0 ≤ 𝑥 ≤ 7.6.4
fortinet	fortiweb	7.4.0 ≤ 𝑥 ≤ 7.4.11
fortinet	fortiweb	7.6.0 ≤ 𝑥 ≤ 7.6.6
fortinet	fortiweb	8.0.0 ≤ 𝑥 ≤ 8.0.3
fortinet	fortios	7.0.0 ≤ 𝑥 ≤ 7.0.18
fortinet	fortios	7.2.0 ≤ 𝑥 ≤ 7.2.12
fortinet	fortios	7.4.0 ≤ 𝑥 < 7.4.11
fortinet	fortios	7.6.0 ≤ 𝑥 < 7.6.6
siemens	ruggedcom_ape1808_firmware	-

𝑥

= Vulnerable software versions

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
Siemens	RUGGEDCOM APE1808	𝑥 < *	ADP

Common Weakness Enumeration

CWE-288 - Authentication Bypass Using an Alternate Path or Channel
A product requires authentication, but the product has an alternate path or channel that does not require authentication.

Vulnerability Media Exposure

References

https://fortiguard.fortinet.com/psirt/FG-IR-26-060

https://cert-portal.siemens.com/productcert/html/ssa-975644.html

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-24858

https://www.fortinet.com/blog/psirt-blogs/analysis-of-sso-abuse-on-fortios