TL;DR
- CISA has added CVE-2026-24858 to the KEV Catalog due to evidence of active exploitation.
- FCEB agencies must remediate this vulnerability by the specified due date to protect against potential attacks.
What happened
- CISA announced the addition of CVE-2026-24858 to its Known Exploited Vulnerabilities (KEV) Catalog.
- The new entry involves multiple products from Fortinet that allow an attacker to bypass authentication through alternative paths or channels.
Why it matters for ops
- This vulnerability is a critical risk as it allows attackers to gain unauthorized access and could lead to further exploitation of systems.
- FCEB agencies are required by BOD 22-01 to remediate this and other KEV vulnerabilities according to specified deadlines.
Mitigation
- Apply vendor-provided patches or workarounds for CVE-2026-24858.
- Monitor network traffic for signs of authentication bypass attacks.
Action items
- Review and update asset inventories to identify affected Fortinet products.
- Implement necessary updates or mitigations as soon as they are available from the vendor.
Detection IOCs
- Authentication bypass attempts using alternative channels
- Unusual login activity from non-standard ports or protocols