Fortinet disclosed a new zero-day vulnerability, CVE-2026-24858, which allows attackers to exploit the FortiCloud single sign-on feature for unauthorized logins. This critical flaw has a CVSS score of 9.8 and affects multiple Fortinet products, prompting the company to temporarily disable SSO authentication to mitigate ongoing attacks.

Arctic Wolf detected malicious SSO logins on FortiGate appliances linked to critical vulnerabilities CVE-2025-59718 and CVE-2025-59719. These vulnerabilities allow unauthenticated access via crafted SAML messages if the FortiCloud SSO feature is enabled. Administrators are urged to reset credentials, restrict access, and upgrade to the latest software versions.