9.4 / 10 CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C
Description
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager 7.4.0 through 7.4.9, FortiManager 7.2.0 through 7.2.11, FortiManager 7.0.0 through 7.0.15, FortiOS 7.6.0 through 7.6.5, FortiOS 7.4.0 through 7.4.10, FortiOS 7.2.0 through 7.2.12, FortiOS 7.0.0 through 7.0.18 may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.
Basic Information
ID: CVE-2026-24858
Source: fortinet
Published: Jan 27, 2026 at 19:18
Modified: Jan 27, 2026 at 19:33
Affected Product
Vendor: Fortinet
Product: FortiAnalyzer
Version: 7.6.0
Affected Versions
Fortinet FortiAnalyzer 7.6.0
Fortinet FortiAnalyzer 7.4.0
Fortinet FortiAnalyzer 7.2.0
Fortinet FortiAnalyzer 7.0.0
Fortinet FortiOS 7.6.0
Fortinet FortiOS 7.4.0
Fortinet FortiOS 7.2.0
Fortinet FortiOS 7.0.0
Fortinet FortiManager 7.6.0
Fortinet FortiManager 7.4.0
Fortinet FortiManager 7.2.0
Fortinet FortiManager 7.0.0