Picus Security Reports Fortinet Vulnerability Affecting 50,000 Devices

Picus Security has disclosed a critical vulnerability in Fortinet's FortiOS and FortiProxy products, estimated to affect up to 50,000 internet-facing devices. The U.S. government has added it to its list of actively exploited threats.

19 June 2026
Picus Security has identified a critical security vulnerability impacting Fortinet's FortiOS and FortiProxy products, potentially affecting as many as 50,000 internet-facing devices globally. The vulnerability, designated CVE-2024-55591, allows for authentication bypass.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the flaw to its Known Exploited Vulnerabilities (KEV) catalog on January 14, 2025, mandating remediation by January 21, 2025.

Exploitation of the vulnerability allows attackers to bypass authentication and gain administrative privileges, which lets them alter firewall configurations, create new user accounts, and steal credentials. Active exploitation has been observed since November 2024, and documented attack campaigns include scanning, account hijacking, and lateral movement within affected networks.

Picus Security advises organizations to upgrade to FortiOS version 7.0.17 or later, or FortiProxy version 7.2.13 or later. As a workaround, disconnecting management interfaces from public access or restricting access to trusted internal users is recommended. Continuous monitoring for signs of compromise is also critical.

Original source: picussecurity.com