Fortinet is facing a significant security incident known as FortiBleed. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent warning on June 19, 2026. The number of affected devices is estimated to be between 74,000 and 86,000 worldwide.
The incident stems from an ongoing credential harvesting campaign rather than a product vulnerability. Exposed data includes usernames, email addresses, and passwords for FortiGate firewalls and SSL VPN instances. This breach potentially allows attackers to gain direct access to corporate networks.
CISA advises affected organizations to reset all relevant passwords immediately. Administrators should also terminate all active sessions. The agency further recommends that all customers enable multi-factor authentication.