Serial number: AV26-059
Date: January 27, 2026
On January 27, 2026, Fortinet published a security advisory to address a critical vulnerability in the following products:
- FortiAnalyzer 7.6 – versions 7.6.0 to 7.6.5
- FortiAnalyzer 7.4 – versions 7.4.0 to 7.4.9
- FortiAnalyzer 7.2 – versions 7.2.0 to 7.2.11
- FortiAnalyzer 7.0 – versions 7.0.0 to 7.0.15
- FortiManager 7.6 – versions 7.6.0 to 7.6.5
- FortiManager 7.4 – versions 7.4.0 to 7.4.9
- FortiManager 7.2 – versions 7.2.0 to 7.2.11
- FortiManager 7.0 – versions 7.0.0 to 7.0.15
- FortiOS 7.6 – versions 7.6.0 to 7.6.5
- FortiOS 7.4 – versions 7.4.0 to 7.4.10
- FortiOS 7.2 – versions 7.2.0 to 7.2.12
- FortiOS 7.0 – versions 7.0.0 to 7.0.18
- FortiProxy 7.6 – versions 7.6.0 to 7.6.4
- FortiProxy 7.4 – versions 7.4.0 to 7.4.12
- FortiProxy 7.2 – all versions
- FortiProxy 7.0 – all versions
Fortinet has stated that this vulnerability has been exploited in the wild. Fortinet has disabled FortiCloud SSO from devices running vulnerable versions. Clients must upgrade to the latest versions for the FortiCloud SSO authentication to function.
The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.