Saved February 14, 2026
Do you care about this?
Fortinet disclosed a new zero-day vulnerability, CVE-2026-24858, which allows attackers to exploit the FortiCloud single sign-on feature for unauthorized logins. This critical flaw has a CVSS score of 9.8 and affects multiple Fortinet products, prompting the company to temporarily disable SSO authentication to mitigate ongoing attacks.
If you do, here's more
Fortinet has confirmed a zero-day vulnerability, tracked as CVE-2026-24858, that allows attackers to exploit the FortiCloud single sign-on (SSO) feature. This critical flaw, with a CVSS score of 9.8, enables unauthorized logins to devices by bypassing authentication. An attacker with an active FortiCloud account can access another user’s device if SSO is enabled. The company temporarily disabled SSO authentication for all devices to mitigate ongoing attacks.
This vulnerability follows previous incidents, including CVE-2025-59718, which also targeted FortiCloud SSO. Users reported that malicious logins persisted even after applying the patch for this earlier vulnerability. Fortinet's CISO acknowledged these concerns and indicated that the company is investigating potential new attack paths. While Fortinet asserts that SSO is not enabled by default, administrators can inadvertently enable it during device registration if they fail to disable the SSO option.
Cybersecurity experts warn that this new vulnerability poses a significant risk to organizations. Attackers gaining administrative access to edge devices, like FortiGate firewalls, can expose sensitive network configurations, leading to long-term security issues. As the situation evolves, the cybersecurity community is closely monitoring Fortinet’s response and the potential implications of this vulnerability.