Fortinet Locks Down FortiCloud SSO Amid Zero-Day Attacks
bankinfosecurity | Mitigation: SSO Access Restricted After Attackers Compromised Fully Patched Devices
Mathew J. Schwartz (euroinfosec) • January 28, 2026

Network security giant Fortinet on Tuesday locked cloud customers out of its single sign-on service until they update device firmware with the patch for an improper access control zero-day that is under active attack.
Only Fortinet devices running the latest, patched firmware versions are accessible using Fortinet SSO, the company said.
The move follows active exploitation of an authentication bypass vulnerability in FortiOS, FortiManager and FortiAnalyzer, now tracked as CVE-2026-24858, which attackers used to gain administrator-level access to Fortinet devices through FortiCloud SSO. The vulnerability allowed "an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts," the company said. Fortinet disabled two FortiCloud accounts that used the flaw to log onto devices belonging to other ...
Copyright of this story solely belongs to bankinfosecurity.

