CISA, security researchers warn FortiCloud SSO flaw is under attack

The flaw, tracked as CVE-2026-24858, allows an attacker with a registered device and a FortiCloud account to access devices ...
Dark Reading

Fortinet Confirms New Zero-Day Behind Malicious SSO Logins

To stop the ongoing attacks, the cybersecurity vendor took the drastic step of temporarily disabling FortiCloud single ...

Fortinet blocks exploited FortiCloud SSO zero day until patch is ready

Fortinet has confirmed a new, actively exploited critical FortiCloud single sign-on (SSO) authentication bypass vulnerability ...
SecurityWeek

Fortinet Patches Exploited FortiCloud SSO Authentication Bypass

Fortinet has released patches for CVE-2026-24858, an authentication bypass exploited in the wild to compromise devices.
The Register on MSN

Fortinet unearths another critical bug as SSO accounts borked post-patch

More work for admins on the cards as they await a full dump of fixes Things aren't over yet for Fortinet customers – the ...

Fortinet continues to combat ongoing SSO admin attacks

Attackers have been targeting various Fortinet products for some time. A functional security update is still missing.
Security Boulevard

SSO vs. Federated Identity Management: A Guide

Managing digital identities for both human and non-human users is a central challenge for modern organizations. As companies ...
CSO Online

Critical FortiCloud SSO zero‑day forces emergency service disablement at Fortinet

CISA added the flaw to its KEVs catalog as Fortinet warned that patches for most affected versions remain “upcoming,” even ...
CSO Online

Fortinet confirms new zero-day attacks against customer devices

All SAML SSO implementations, including FortiCloud SSO, are vulnerable to authentication bypass and malicious configuration ...