Critical Vulnerabilities Expose Fortinet Users to Authentication Bypass

Today, Fortinet disclosed a severe authentication bypass vulnerability, designated CVE-2026-24858, affecting its products. This flaw allows attackers with a FortiCloud account to access other users' devices when the Single Sign-On (SSO) feature is enabled. The CVSS score of 9.4 underscores the critical nature of this vulnerability, which has already been actively exploited. To mitigate risks, Fortinet has disabled SSO for affected users and urged immediate firmware updates. Organizations relying on Fortinet products should prioritize patching to safeguard against potential breaches stemming from this vulnerability. More information can be found in Fortinet's official guidance.

Also In Security Today

Active Exploitation of WinRAR Vulnerability: Google warns of an actively exploited vulnerability in WinRAR (CVE-2025-8088) that permits attackers to control Windows systems via malicious archive files. Read more.
Malicious AI Coding Assistant Found on VS Code Marketplace: A malicious extension, "Moltbot," posing as an AI coding assistant was removed by Microsoft after dropping malware on users' systems. Learn more.
Ransomware Activity Report: Ongoing ransomware activity is reported, including a significant breach involving the ShinyHunters group targeting high-profile companies. Details here.

Analyst's Take

Today's revelations about Fortinet's CVE-2026-24858 and the active exploitation of WinRAR vulnerabilities emphasize the critical need for organizations to remain vigilant against emerging threats. Defenders should prioritize patch management and encourage users to adopt best practices around SSO configurations. Additionally, the rise of malicious extensions in development environments signals a worrying trend of supply chain vulnerabilities that must be addressed proactively to maintain software integrity.