H-ISAC TLP White Active Exploitations of an Authentication Bypass Vulnerability

H-ISAC TLP White Bulletin: Active Exploitations of an Authentication Bypass Vulnerability on Administrative FortiCloud SSO

On January 15, 2026, a critical authentication bypass vulnerability in FortiCloud SSO, tracked as CVE-2026-24858, was discovered. It allows unauthenticated remote attackers to gain administrative access to Fortinet devices.

The vulnerability is now being actively exploited in the wild, and CISA added it to its Known Exploited Vulnerabilities (KEV) Catalog on January 27, 2026.

Healthcare organizations must patch immediately; where patching cannot be done at once, disable FortiCloud SSO as an interim mitigation to prevent unauthorized network entry and potential patient data breaches.
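How the interim mitigation is carried out on the device, as an added example that is not part of the H-ISAC/AHA bulletin: the FortiOS CLI sequence below assumes a FortiOS 7.x build in which the administrative FortiCloud SSO login toggle is the `admin-forticloud-sso-login` setting under `config system global`. Confirm the setting name, the affected versions and the fixed builds against Fortinet's own advisory for CVE-2026-24858 before relying on it.

```text
# Added example, not vendor-supplied: FortiOS CLI session.
# Assumption: FortiOS 7.x, where admin FortiCloud SSO login is controlled by
# "admin-forticloud-sso-login" under "config system global".

# 1. Check whether FortiCloud SSO admin login is currently enabled.
show full-configuration system global | grep -i forticloud-sso
#   set admin-forticloud-sso-login enable      <- SSO admin path still exposed

# 2. Interim mitigation until the fixed firmware is installed: disable it.
config system global
    set admin-forticloud-sso-login disable
end

# 3. Verify that the change took effect.
show full-configuration system global | grep -i forticloud-sso
#   set admin-forticloud-sso-login disable
```

Disabling the toggle only closes the SSO login path; it is not a substitute for the patch. A device that was exposed while the flaw was being actively exploited should also be reviewed for unexpected administrator accounts and configuration changes before it is treated as clean.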

Health-ISAC provides this information to increase situational awareness and encourage organizations to assess their level of risk from this vulnerability.

View the detailed bulletin below.

For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:

John Riggi

National Advisor for Cybersecurity and Risk, AHA

jriggi@aha.org

(O) +1 202 626 2272