CVE-2026-24858
- Source
- https://cve.org/CVERecord?id=CVE-2026-24858
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-24858.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2026-24858
- Published
- 2026-01-27T20:16:24.477Z
- Modified
- 2026-03-15T14:53:51.659237Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager 7.4.0 through 7.4.9, FortiManager 7.2.0 through 7.2.11, FortiManager 7.0.0 through 7.0.15, FortiOS 7.6.0 through 7.6.5, FortiOS 7.4.0 through 7.4.10, FortiOS 7.2.0 through 7.2.12, FortiOS 7.0.0 through 7.0.18, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4.0 through 7.4.12, FortiProxy 7.2.0 through 7.2.15, FortiProxy 7.0.0 through 7.0.22, FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.
- References
Affected packages
Git /
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-24858.json"
unresolved_ranges
[
{
"events": [
{
"introduced": "7.0.0"
},
{
"last_affected": "7.0.15"
}
]
},
{
"events": [
{
"introduced": "7.2.0"
},
{
"last_affected": "7.2.11"
}
]
},
{
"events": [
{
"introduced": "7.4.0"
},
{
"fixed": "7.4.10"
}
]
},
{
"events": [
{
"introduced": "7.6.0"
},
{
"fixed": "7.6.6"
}
]
},
{
"events": [
{
"introduced": "7.0.0"
},
{
"last_affected": "7.0.15"
}
]
},
{
"events": [
{
"introduced": "7.2.0"
},
{
"last_affected": "7.2.11"
}
]
},
{
"events": [
{
"introduced": "7.4.0"
},
{
"fixed": "7.4.10"
}
]
},
{
"events": [
{
"introduced": "7.6.0"
},
{
"fixed": "7.6.6"
}
]
},
{
"events": [
{
"introduced": "7.0.0"
},
{
"last_affected": "7.0.22"
}
]
},
{
"events": [
{
"introduced": "7.2.0"
},
{
"last_affected": "7.2.15"
}
]
},
{
"events": [
{
"introduced": "7.4.0"
},
{
"last_affected": "7.4.12"
}
]
},
{
"events": [
{
"introduced": "7.6.0"
},
{
"last_affected": "7.6.4"
}
]
},
{
"events": [
{
"introduced": "7.4.0"
},
{
"last_affected": "7.4.11"
}
]
},
{
"events": [
{
"introduced": "7.6.0"
},
{
"last_affected": "7.6.6"
}
]
},
{
"events": [
{
"introduced": "8.0.0"
},
{
"last_affected": "8.0.3"
}
]
},
{
"events": [
{
"introduced": "7.0.0"
},
{
"last_affected": "7.0.18"
}
]
},
{
"events": [
{
"introduced": "7.2.0"
},
{
"last_affected": "7.2.12"
}
]
},
{
"events": [
{
"introduced": "7.4.0"
},
{
"fixed": "7.4.11"
}
]
},
{
"events": [
{
"introduced": "7.6.0"
},
{
"fixed": "7.6.6"
}
]
}
]