FortiCloud SSO bypass still exploited on fully updated FortiGate

Published 2026-01-23 12:30 UTC
Updated 2026-01-23 12:43 UTC
Tags: fortinet, fortigate, forticloud, sso, authentication_bypass, active_exploitation
Evidence trail (top sources)
Top sources: 2 shown, from 2 domains. Domains are deduped; counts indicate coverage, not truth.
Limited source diversity in top sources.
Overview

Multiple reports describe ongoing exploitation of a FortiCloud SSO authentication bypass impacting FortiGate, including cases where targets were reportedly fully updated. Fortinet is described as working on a complete remediation while customers report suspicious logins.

Score total: 1.02
Momentum 24h: 2
Posts: 2
Origins: 2
Source types: 1
Duplicate ratio: 0%
Why now
  • Reports cite fresh/active exploitation activity within the last 24 hours
  • Customer reports of suspicious logins renewed attention on the issue
  • Fortinet is described as working to fully plug the bypass
Why it matters
  • Exploitation on “fully patched” devices can undermine patch-status assumptions
  • SSO authentication bypass and suspicious logins indicate potential unauthorized access risk
  • Signals possible need for additional remediation beyond prior fixes
LLM analysis
Topic mix: low
Promo risk: low
Source quality: high
Recurring claims
  • Fortinet confirmed it is working to completely plug a FortiCloud SSO authentication bypass after reports of fresh exploitation.
  • Attack activity was reported against FortiGate devices described as fully patched/fully up to date, suggesting prior remediation was insufficient.
  • Fortinet acknowledged the FortiGate FortiCloud SSO issue remained exploitable despite a December patch, following customer reports of suspicious logins.
How sources frame it
  • The Hacker News: neutral
  • The Register: neutral
Two-source cluster; both reports align on active bypass affecting “fully patched” FortiGate via FortiCloud SSO.
All evidence
Fortinet admits FortiGate SSO bug still exploitable despite December patch
theregister_security · go.theregister.com · 2026-01-23 12:43 UTC
Fortinet Confirms Active FortiCloud SSO Bypass on Fully Patched FortiGate Firewalls
The Hacker News · thehackernews.com · 2026-01-23 12:30 UTC
Top publishers (this list)
  • theregister_security (1)
  • The Hacker News (1)
Top origin domains (this list)
  • go.theregister.com (1)
  • thehackernews.com (1)