CVE-2026-24858

Exploited in the Wild ✓ Confirmed 0-Day

Triaged: March 5, 2026 7 articles

VulnLookup ↗ NVD ↗ MITRE ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-24

3.95%

probability

This CVE has a 3.95% probability of being exploited in the next 30 days.

0% Top 88.5th percentile of all CVEs 100%

CVSS score unavailable

Neither CIRCL nor NVD returned a CVSS score for this CVE. View on VulnerabilityLookup ↗

Attack Intelligence

CWE-284 · Improper Access Control CWE-287 · Improper Authentication CWE-288 · Authentication Bypass by Alternate Path/Channel CWE-306 · Missing Authentication

Siemens RUGGEDCOM APE1808 Devices

CISA-Advisories Mar 12, 2026

Fortinet Patches CVE-2026-24858 After Active FortiOS SSO Exploitation Detected

TheHackerNews Jan 28, 2026

Fortinet blocks exploited FortiCloud SSO zero day until patch is ready

BleepingComputer Jan 27, 2026

CISA orders feds to patch exploited Fortinet EMS flaw by Friday

BleepingComputer Apr 06, 2026

⚡ Weekly Recap: Proxy Botnet, Office Zero-Day, MongoDB Ransoms, AI Hijacks & New Threats

TheHackerNews Feb 02, 2026

Fortinet Patches Critical SQLi Flaw Enabling Unauthenticated Code Execution

TheHackerNews Feb 10, 2026

Administrative FortiCloud SSO authentication bypass

Fortinet-PSIRT Jan 27, 2026

Signal Intelligence

Confidenceⓘ

92%

EPSS 3.95%

Mentions 7

Last Seen Apr 06, 2026

CNA Information

Analyst Note

CVE-2026-24858 is explicitly identified as a zero-day in multiple authoritative sources (BleepingComputer title: 'exploited FortiCloud SSO zero day'). Active exploitation in the wild is documented by Fortinet, and the vendor released patches in response to ongoing attacks, indicating exploitation preceded or coincided with patch availability.