Fortinet Confirms Active FortiCloud SSO Bypass on Fully Patched FortiGate Firewalls
24.01.2026
12778
Fortinet confirms active exploitation of a FortiCloud SSO authentication bypass affecting fully patched FortiGate devices via SAML abuse.
🚨 BREAKING: Fortinet Firewalls Got a Major Oopsie
Fortinet just dropped the bomb: their FortiGate firewalls — even the fully patched ones — are getting wrecked by an active FortiCloud SSO bypass. Yeah, you read that right. Fully updated devices are still vulnerable. This isn't a drill.
The exploit? A slick SAML authentication bypass that lets attackers skip the whole login process. No credentials needed. Just waltz right into the network like you own the place. Fortinet confirmed active exploitation is happening in the wild right now.
This affects FortiGate firewalls using FortiCloud SSO for authentication. The vulnerability allows attackers to bypass the single sign-on entirely through SAML abuse. Even devices running the latest patches aren't safe — that's the scary part.
Fortinet's advisory confirms the active exploitation and provides mitigation steps. Organizations using FortiGate with FortiCloud SSO need to check their configurations immediately. This isn't something you can patch your way out of — it requires configuration changes.
The vulnerability was discovered through threat intelligence monitoring. Fortinet's security team detected the exploitation attempts and confirmed the bypass works against fully patched systems. No CVE has been assigned yet, but Fortinet is working on a permanent fix.
Security researchers are calling this a critical flaw in the SAML implementation. The bypass allows attackers to impersonate legitimate users without any authentication. This gives them full access to the firewall's management interface and potentially the entire network behind it.
Fortinet recommends immediate action: disable FortiCloud SSO if possible, implement additional authentication layers, and monitor for suspicious login attempts. They're working on a firmware update but haven't provided an ETA.
- • Affects fully patched FortiGate firewalls
- • Active exploitation confirmed by Fortinet
- • SAML authentication bypass vulnerability
- • FortiCloud SSO implementation flaw
- • No credentials needed for access
- • Management interface completely exposed
- • Requires configuration changes, not just patches
#Fortinet#active vulnerability exploitation#user impersonation#unauthenticated access#SAML authentication bypass
Got a topic? Write to ATLA WIRE on Telegram:t.me/atla_community
