Reported Credential Compromise of FortiGate Devices
Ascend's Advisory Update — June 23, 2026
Fortinet has published an official analysis of the FortiBleed credential exposure reports. Its investigation confirms that this activity involves threat actors reusing credentials from prior incidents and employing brute-force techniques against devices with weak password hygiene and no multi-factor authentication (MFA) enabled. Fortinet has stated this is not a new vulnerability and is not related to a recent security advisory.
Fortinet has identified potentially affected systems and is proactively contacting impacted customers. For customers identified by Fortinet as potentially impacted, Fortinet has provided guidance that includes credential review and reset activities, MFA enforcement, firmware updates, configuration validation, and restricting unnecessary external management access.
For customers with Fortinet devices under Ascend management, neither Fortinet nor Ascend has identified any impacted customer environments at this time. As a precaution, we are continuing our review in alignment with Fortinet's guidance. Should any customer-specific action be warranted, we will coordinate recommended actions with your designated contacts.
For full details, refer to Fortinet's official analysis, "Analysis of Reported Credential Compromise of FortiGate Devices."
Team Ascend Is Here to Help
If you have any questions about this advisory, please reach out to your customer success manager.