Fortinet FortiAnalyzer, FortiManager, FortiOS, and FortiProxy contain an authentication bypass using an alternate path or channel that could allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.
PoC: cve-2026-24858
CVE-2026-24858 - Administrative FortiCloud SSO authentication bypass
PoC: SCTT-2026-33-0004-FortiCloud-SSO-Identity-Singularity
While Fortinet's January 27, 2026 mitigation for **CVE-2026-24858** focuses on blocking specific accounts like `cloud-noc@mail.io`, it fails to address the **Temporal Vulnerability** of the SAML state machine.
PoC: -CTT-NSP-Convergent-Time-Theory---Network-Stack-Projection-CVE-2026-24858-
A Proof-of-Concept demonstrating the application of 3D Navier-Stokes CTT formulations to packet flow optimization and defensive bypass.
PoC: CVE-2026-24858-FortiCloud-SSO-Authentication-Bypass
CVE-2026-24858: FortiCloud Single Sign-On (SSO), a feature enabled by factory default once you register any FortiGate/FortiManager/FortiAnalyzer, contains a critical authentication bypass flaw.
PoC: CVE-2026-24858
CVE-2026-24858: Authentication Bypass in Fortinet Products via FortiCloud SSO
PoC: CVE-2026-24858
It still seems to be a zero-day; I plan to analyze it once it is disclosed, or slowly over time....