FortiOS: time to upgrade your FortiGate – critical vuln (CVSSv3 9.4) fixed now

Jan 28, 2026 | Fortigate, Fortinet

Fortinet has just published a new critical PSIRT advisory FG-IR-26-060 / CVE-2026-24858 (CVSSv3 9.4) and released FortiOS 7.4.11 to remediate it.

Why this matters:

  • Back in December, FG-IR-25-647 was believed to be addressed (FortiOS 7.4.9+).

  • But recent incidents showed similar attack activity even on “patched” systems, and Fortinet has now shipped a fresh fix (7.4.11) for a new but related weakness.

Action (do this today):

  1. Upgrade to FortiOS 7.4.11, which is no longer vulnerable to CVE-2026-24858.
  2. If you can’t upgrade immediately: disable FortiCloud SSO admin login and lock down management access.
  3. Hunt for signs of compromise (unexpected admin accounts, config exports, VPN changes) and rotate credentials if anything looks off.
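
A starting point for step 3, as an added example that is not from Fortinet or the original post: a Python triage script that parses FortiGate key=value event-log lines and flags admin-account creation, configuration downloads and VPN configuration changes. The sample lines are constructed, and the match rules (the `cfgpath`, `action` and `msg` values) and the `known_admins` allowlist are assumptions to check against the log reference for your firmware.

```python
import re

# FortiGate event logs are key=value pairs; values may be double-quoted.
PAIR = re.compile(r'(\w+)=(?:"((?:[^"\\]|\\.)*)"|(\S+))')

def parse_line(line):
    """Turn one key=value log line into a dict of field -> value."""
    return {key: quoted or bare for key, quoted, bare in PAIR.findall(line)}

def classify(ev):
    """Map an event to a hunt category, or None. Match rules are assumptions."""
    path = ev.get("cfgpath", "")
    action = ev.get("action", "").lower()
    if path == "system.admin" and action == "add":
        return "admin-account-created"
    if action == "download" and "config" in ev.get("msg", "").lower():
        return "config-export"
    if path.startswith("vpn.") and action in {"add", "edit", "delete"}:
        return "vpn-change"
    return None

def hunt(lines, known_admins=frozenset()):
    """Return findings; accounts in known_admins (hypothetical allowlist) are skipped."""
    findings = []
    for line in lines:
        ev = parse_line(line)
        category = classify(ev)
        if category is None:
            continue
        if category == "admin-account-created" and ev.get("cfgobj") in known_admins:
            continue
        findings.append({"category": category,
                         "when": f"{ev.get('date', '?')} {ev.get('time', '?')}",
                         "by": ev.get("user", ""), "from": ev.get("ui", ""),
                         "object": ev.get("cfgobj", "")})
    return findings

# Constructed sample lines (not from a real device); addresses are documentation ranges.
SAMPLE = [
    'date=2026-01-27 time=02:14:09 type="event" subtype="system" user="netops" ui="https(198.51.100.10)" action="login" status="success" msg="Administrator netops logged in successfully from https(198.51.100.10)"',
    'date=2026-01-27 time=02:15:31 type="event" subtype="system" user="svc-example" ui="GUI(203.0.113.50)" action="Add" cfgpath="system.admin" cfgobj="helpdesk2" msg="Add system.admin helpdesk2"',
    'date=2026-01-27 time=02:16:02 type="event" subtype="system" user="svc-example" ui="GUI(203.0.113.50)" action="download" status="success" msg="System config file has been downloaded by user svc-example via GUI(203.0.113.50)"',
    'date=2026-01-27 time=02:18:44 type="event" subtype="system" user="svc-example" ui="GUI(203.0.113.50)" action="Edit" cfgpath="vpn.ssl.settings" cfgobj="" msg="Edit vpn.ssl.settings"',
    'date=2026-01-27 time=09:30:12 type="event" subtype="system" user="netops" ui="https(198.51.100.10)" action="Edit" cfgpath="system.interface" cfgobj="port1" msg="Edit system.interface port1"',
]

if __name__ == "__main__":
    for finding in hunt(SAMPLE, known_admins={"netops"}):
        print(finding)
```

Feed it exported event logs or syslog lines, and treat every finding as a lead to confirm against change records, not as proof of compromise.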

Advisories:
FG-IR-26-060: https://fortiguard.fortinet.com/psirt/FG-IR-26-060
FG-IR-25-647: https://fortiguard.fortinet.com/psirt/FG-IR-25-647
