Vulnerability intelligence
CVE-2024-55591
Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module.
CVSS Score
9.6
Critical
EPSS — Exploit Probability
98%
Riskier than 100% of all CVEs
Exploitation
Confirmed in the wild
Used in ransomware campaigns
Remediation
Patch available
Federal deadline 2025-01-21
CISA required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Deadline for federal agencies: 2025-01-21.
1 article across 1 outlet · first covered May 13, 2026 · latest May 13, 2026
Tracked incidents
Associated threat actors
Coverage timeline
-
Gentlemen RaaS leak reveals 332 victims, internal chats exposedresearch.checkpoint.com · May 13, 2026