Fortinet has issued critical security guidance for CVE-2026-24858, an authentication bypass vulnerability actively exploited in the wild. The flaw affects FortiOS SSL VPN and allows unauthorized access to protected networks.
Fortinet has released urgent security guidance addressing CVE-2026-24858, an authentication bypass vulnerability in FortiOS SSL VPN that is currently being exploited by threat actors. The vulnerability allows attackers to bypass authentication mechanisms and gain unauthorized access to protected networks without valid credentials.
The vulnerability affects FortiOS versions 7.2.0 through 7.2.3, 7.4.0 through 7.4.2, and 7.6.0. Fortinet has assigned this flaw a CVSS score of 9.8 out of 10, indicating critical severity. The company reports that malicious actors are actively exploiting this vulnerability in the wild to compromise systems.
According to Fortinet's advisory, the vulnerability stems from improper validation of authentication requests in the SSL VPN component. Attackers can craft specific requests that bypass the authentication process entirely, granting them access to internal network resources as if they were legitimate users.
CISA has added CVE-2026-24858 to its Known Exploited Vulnerabilities Catalog, requiring federal agencies to patch affected systems by the compliance deadline. The agency emphasizes that this vulnerability poses significant risk due to the widespread deployment of Fortinet products in government and critical infrastructure environments.
Mitigation steps recommended by Fortinet include:
- Upgrade to FortiOS 7.2.4, 7.4.3, or 7.6.1 immediately
- Enable multi-factor authentication as an additional security layer
- Monitor network traffic for suspicious SSL VPN connections
- Review authentication logs for unauthorized access attempts
The vulnerability highlights the ongoing risks associated with VPN infrastructure, which remains a prime target for threat actors seeking network access. Security researchers note that authentication bypass flaws in VPN products can provide attackers with privileged network positions, enabling further lateral movement and data exfiltration.
Organizations using affected Fortinet products should prioritize patching, as the active exploitation increases the likelihood of compromise. Fortinet has also released signatures for its FortiGuard security services to detect exploitation attempts.
For organizations unable to immediately upgrade, Fortinet recommends implementing network segmentation and access controls to limit the potential impact of unauthorized VPN access. The company continues to investigate whether additional vulnerabilities exist in related components.
Security teams should also review their incident response plans, as successful exploitation of this vulnerability could indicate a broader compromise requiring forensic investigation and potential recovery operations.
Comments
Please log in or register to join the discussion