An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager 7.4.0 through 7.4.9, FortiManager 7.2.0 through 7.2.11, FortiManager 7.0.0 through 7.0.15, FortiOS 7.6.0 through 7.6.5, FortiOS 7.4.0 through 7.4.10, FortiOS 7.2.0 through 7.2.12, FortiOS 7.0.0 through 7.0.18 may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.

Fortinet has observed in the wild exploitation of this vulnerability. Customers must upgrade to the latest versions in order to use FortiCloud SSO authentication

The version of FortiAnalyzer installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-26-060 advisory.

  - An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] in FortiOS,     FortiManager, FortiAnalyzer may allow an attacker with a FortiCloud account and a registered device to log     into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those     devices. (CVE-2026-24858)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of FortiManager installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-26-060 advisory.

  - An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] in FortiOS,     FortiManager, FortiAnalyzer may allow an attacker with a FortiCloud account and a registered device to log     into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those     devices. (CVE-2026-24858)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-26-060 advisory.

  - An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] in FortiOS,     FortiManager, FortiAnalyzer may allow an attacker with a FortiCloud account and a registered device to log     into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those     devices. (CVE-2026-24858)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
296981	Fortinet FortiAnalyzer SSO authentication bypass (FG-IR-26-060)	Nessus	Firewalls	critical
296980	Fortinet FortiManager SSO authentication bypass (FG-IR-26-060)	Nessus	Firewalls	critical
296979	Fortinet Fortigate SSO authentication bypass (FG-IR-26-060)	Nessus	Firewalls	critical

Detections

Analytics

CVE-2026-24858

critical

Tenable Plugins

critical

critical

critical