Fortinet Product Security Update Advisory (CVE-2026-24858)

Overview

 

We have released security updates to fix vulnerabilities in Fortinet products. Users of affected products are advised to update to the latest version.
 

 

Affected Products

 

CVE-2026-24858

 

FortiAnalyzer 7.6: versions 7.6.0 through 7.6.5
FortiAnalyzer 7.4: versions 7.4.0 through 7.4.9
FortiAnalyzer 7.2: versions 7.2.0 through 7.2.11
FortiAnalyzer 7.0: versions 7.0.0 through 7.0.15
FortiManager 7.6: versions 7.6.0 through 7.6.5
FortiManager 7.4: versions 7.4.0 through 7.4.9
FortiManager 7.2: versions 7.2.0 through 7.2.11
FortiManager 7.0: versions 7.0.0 through 7.0.15
FortiOS 7.6: versions 7.6.0 through 7.6.5
FortiOS 7.4: versions 7.4.0 through 7.4.10
FortiOS 7.2: versions 7.2.0 through 7.2.12
FortiOS 7.0: versions 7.0.0 through 7.0.18
FortiProxy 7.6: versions 7.6.0 through 7.6.4
FortiProxy 7.4: versions 7.4.0 through 7.4.12
FortiProxy 7.2: all versions
FortiProxy 7.0: all versions
FortiWeb 8.0: versions 8.0.0 through 8.0.3
FortiWeb 7.6: versions 7.6.0 through 7.6.6
FortiWeb 7.4: versions 7.4.0 through 7.4.11

 

 

Resolved Vulnerabilities

 

Authentication Bypass Using Alternate Path or Channel Vulnerability in FortiOS, FortiManager, FortiAnalyzer, FortiProxy, and FortiWeb (CVE-2026-24858)

 

 

Vulnerability Patches

Patches for this vulnerability are available in the latest updates. Follow the instructions on the site listed under References to update to a patched version.

 

CVE-2026-24858

 

FortiAnalyzer 7.6: version 7.6.6 or later
FortiAnalyzer 7.4: version 7.4.10 or later
FortiAnalyzer 7.2: version 7.2.12 or later
FortiAnalyzer 7.0: version 7.0.16 or later
FortiManager 7.6: version 7.6.6 or later
FortiManager 7.4: version 7.4.10 or later
FortiManager 7.2: version 7.2.13 or later
FortiManager 7.0: version 7.0.16 or later
FortiOS 7.6: version 7.6.6 or later
FortiOS 7.4: version 7.4.11 or later
FortiOS 7.2: version 7.2.13 or later
FortiOS 7.0: version 7.0.19 or later
FortiProxy 7.6: version 7.6.6 or later
FortiProxy 7.4: version 7.4.13 or later
FortiProxy 7.2: migrate to a fixed release
FortiProxy 7.0: migrate to a fixed release
FortiWeb 8.0: version 8.0.4 or later
FortiWeb 7.6: version 7.6.7 or later
FortiWeb 7.4: version 7.4.12 or later

 

 

References

 

[1] Administrative FortiCloud SSO authentication bypass
https://fortiguard.fortinet.com/psirt/FG-IR-26-060