Part of Lyceum Intelligence — deep-research In Focus reports → · Lyceum Corpus — ask the documents →

Full-text search across 381 articles. Typo-tolerant.

Lyceum News Desk ·

CVE-2026-24858 -- CVSS 9.8 Vulnerability Briefing

CVE-2026-24858 | CVSS 9.8 (Critical) | Exploit: PoC available

What Is It

CVE-2026-24858 is a critical authentication bypass vulnerability (CWE-288) affecting Fortinet FortiAnalyzer, FortiManager, and FortiProxy across multiple major version branches, allowing unauthenticated attackers to circumvent authentication controls via an alternate path or channel.

Technical Detail

The flaw exists in the authentication handling logic of the affected Fortinet products, where an alternate access path or channel can be leveraged to bypass standard credential verification entirely. An unauthenticated remote attacker can exploit this by routing requests through the unprotected path, effectively gaining access without valid credentials. Depending on the privilege level of the bypassed context, successful exploitation could result in full administrative access to FortiAnalyzer, FortiManager, or FortiProxy instances, enabling configuration tampering, data exfiltration, or use of the management plane as a pivot point into managed network infrastructure.

Exploitation Status

A proof-of-concept exploit is publicly available. This vulnerability is not currently listed in the CISA Known Exploited Vulnerabilities catalog, and active in-the-wild exploitation has not been confirmed as of April 26, 2026. However, the public availability of a PoC against a CVSS 9.8 authentication bypass in widely deployed network management products significantly elevates the risk of imminent weaponization.

Who Is Targeting This

No specific threat actor attribution has been confirmed at this time. Fortinet management and analytics platforms have historically been targeted by state-sponsored actors and ransomware operators, but no campaigns leveraging CVE-2026-24858 have been publicly attributed as of this writing.

What To Do

Organizations running affected versions of FortiAnalyzer (7.0.0 through 7.6.5), FortiManager (7.0.0 through 7.6.5), or FortiProxy should treat patching as an immediate priority given the critical CVSS score and public PoC availability. Apply vendor-supplied patches as soon as they are available and consult Fortinet's official security advisory for fixed version guidance. As an interim measure, restrict management interface access to trusted IP ranges using firewall rules or Fortinet's trusted host configuration, and disable internet-facing exposure of administrative interfaces where operationally feasible. Monitor authentication logs for anomalous access patterns, unexpected administrative sessions, or configuration changes that cannot be attributed to known administrators.

In Focus
All analysis →

Deep-research intelligence reports from Lyceum Intelligence — structured assessments with sourced claims and calibrated conclusions.

Browse Intelligence Reports →