CyberSec.Space Logo
CVEブラウザに戻る

CVE-2026-24858

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score92.0510%
EPSS Percentile95.80th
Published2026年1月27日
Last Modified2026年6月9日

Vulnerability Description

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager 7.4.0 through 7.4.9, FortiManager 7.2.0 through 7.2.11, FortiManager 7.0.0 through 7.0.15, FortiNAC-F 7.6.3 through 7.6.5, FortiOS 7.6.0 through 7.6.5, FortiOS 7.4.0 through 7.4.10, FortiOS 7.2.0 through 7.2.12, FortiOS 7.0.0 through 7.0.18, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4.0 through 7.4.12, FortiProxy 7.2.0 through 7.2.15, FortiProxy 7.0.0 through 7.0.22, FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.

Affected Platforms (CPE)

📦
Fortinet

Fortianalyzer

>= 7.0.0 and <= 7.0.15
📦
Fortinet

Fortianalyzer

>= 7.2.0 and <= 7.2.11
📦
Fortinet

Fortianalyzer

>= 7.4.0 and < 7.4.10
📦
Fortinet

Fortianalyzer

>= 7.6.0 and < 7.6.6
📦
Fortinet

Fortimanager

>= 7.0.0 and <= 7.0.15
📦
Fortinet

Fortimanager

>= 7.2.0 and <= 7.2.11
📦
Fortinet

Fortimanager

>= 7.4.0 and < 7.4.10
📦
Fortinet

Fortimanager

>= 7.6.0 and < 7.6.6
📦
Fortinet

Fortinac F

>= 7.6.3 and < 7.6.6
📦
Fortinet

Fortiproxy

>= 7.0.0 and <= 7.0.22
📦
Fortinet

Fortiproxy

>= 7.2.0 and <= 7.2.15
📦
Fortinet

Fortiproxy

>= 7.4.0 and <= 7.4.12
📦
Fortinet

Fortiproxy

>= 7.6.0 and <= 7.6.4
📦
Fortinet

Fortiweb

>= 7.4.0 and <= 7.4.11
📦
Fortinet

Fortiweb

>= 7.6.0 and <= 7.6.6
📦
Fortinet

Fortiweb

>= 8.0.0 and <= 8.0.3
💻
Fortinet

Fortios

>= 7.0.0 and <= 7.0.18
💻
Fortinet

Fortios

>= 7.2.0 and <= 7.2.12
💻
Fortinet

Fortios

>= 7.4.0 and < 7.4.11
💻
Fortinet

Fortios

>= 7.6.0 and < 7.6.6
💻
Siemens

Ruggedcom Ape1808 Firmware

All versions

References & Advisories

🔗 https://fortiguard.fortinet.com/psirt/FG-IR-26-060
🔗 https://cert-portal.siemens.com/productcert/html/ssa-975644.html
🔗 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-24858
🔗 https://www.fortinet.com/blog/psirt-blogs/analysis-of-sso-abuse-on-fortios

関連する脆弱性情報

CVE-2016-19099.8

Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x before 3.3.3; FortiCache 3.0.x before 3.0.8; and Fo...

CVE-2020-128178.8

An improper neutralization of input vulnerability in FortiAnalyzer before 6.4.1 and 6.2.5 may allow a remote authenticated attacke...

CVE-2021-325898.1

A Use After Free (CWE-416) vulnerability in FortiManager version 7.0.0, version 6.4.5 and below, version 6.2.7 and below, version ...

CVE-2021-261047.8

Multiple OS command injection (CWE-78) vulnerabilities in the command line interface of FortiManager 6.2.7 and below, 6.4.5 and be...