
CVE-2026-24858: FortiOS SSO Zero-Day Exploited in the Wild

ID: 160e7fe8-694a-5739-b299-14b8215390af

STIX ID: report--160e7fe8-694a-5739-b299-14b8215390af

Feed Name: SOC Prime Blog

Threat Score: 88/100

Date Published: 2026-01-28

Date Updated: 2026-04-30

Author: Daryna Olyniychuk


Fortinet disclosed CVE-2026-24858, a critical FortiCloud SSO authentication-bypass (CVSS 9.4) that allows attackers with a FortiCloud account and a registered device to access devices tied to other accounts; the flaw was actively exploited in the wild, prompting Fortinet to suspend FortiCloud SSO temporarily and CISA to add the CVE to its Known Exploited Vulnerabilities catalog. Fortinet and industry guidance strongly advise immediate patching, disabling FortiCloud SSO where appropriate, and other mitigations to prevent unauthorized administrative access.
