13 matches found
Fortinet Releases Guidance to Address Ongoing Exploitation of Authentication Bypass Vulnerability CVE-2026-24858
Newly disclosed vulnerability Common Vulnerabilities and Exposures CVE-2026-24858link is external Common Weakness Enumeration CWE-288: Authentication Bypass Using an Alternate Path or Channellink is external allows malicious actors with a FortiCloud account and a registered device to log in to...
Fortinet FortiManager SSO authentication bypass (FG-IR-26-060)
The version of FortiManager installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-26-060 advisory. - An Authentication Bypass Using an Alternate Path or Channel vulnerability CWE-288 in FortiOS, FortiManager, FortiAnalyze...
CVE-2026-24858
An Authentication Bypass Using an Alternate Path or Channel vulnerability CWE-288 vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager...
CVE-2026-24858
CVE-2026-24858 is a high-severity authentication bypass affecting Fortinet FortiAnalyzer, FortiManager, FortiOS, FortiProxy, and FortiWeb (various 7.x versions) via FortiCloud SSO. The issue allows an attacker with a FortiCloud account and a registered device to log into other devices registered ...
β‘ Weekly Recap: Firewall Flaws, AI-Built Malware, Browser Traps, Critical CVEs & More
Security failures rarely arrive loudly. They slip in through trusted tools, half-fixed problems, and habits people stop questioning. This week's recap shows that pattern clearly. Attackers are moving faster than defenses, mixing old tricks with new paths. "Patched" no longer means safe, and every...
CVE-2025-59719
An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9 may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message...
Fortinet, Ivanti, and SAP Issue Urgent Patches for Authentication and Code Execution Flaws
Fortinet, Ivanti, and SAP have moved to address critical security flaws in their products that, if successfully exploited, could result in an authentication bypass and code execution. The Fortinet vulnerabilities affect FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager and relate to a case of...
CVE-2025-54973
A concurrent execution using shared resource with improper synchronization 'Race Condition' vulnerability CWE-362 in Fortinet FortiAnalyzer version 7.6.0 through 7.6.2, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10 and before 7.0.13 allows an attacker to attempt to win a race condition to bypass the...
Fortinet FortiAnalyzer SSO SAML authentication (FG-IR-25-198)
The version of FortiAnalyzer installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-25-198 advisory. - A concurrent execution using shared resource with improper synchronization 'Race Condition' vulnerability CWE-362 in...
EUVD-2025-34238
A concurrent execution using shared resource with improper synchronization 'Race Condition' vulnerability CWE-362 in Fortinet FortiAnalyzer version 7.6.0 through 7.6.2, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10 and before 7.0.13 allows an attacker to attempt to win a race condition to bypass the...
CVE-2025-54973
A concurrent execution using shared resource with improper synchronization 'Race Condition' vulnerability CWE-362 in Fortinet FortiAnalyzer version 7.6.0 through 7.6.2, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10 and before 7.0.13 allows an attacker to attempt to win a race condition to bypass the...
CVE-2025-54973
A concurrent execution using shared resource with improper synchronization 'Race Condition' vulnerability CWE-362 in Fortinet FortiAnalyzer version 7.6.0 through 7.6.2, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10 and before 7.0.13 allows an attacker to attempt to win a race condition to bypass the...
PT-2025-41960
A concurrent execution using shared resource with improper synchronization 'Race Condition' vulnerability CWE-362 in Fortinet FortiAnalyzer version 7.6.0 through 7.6.2, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10 and before 7.0.13 allows an attacker to attempt to win a race condition to bypass the...