Analysis of Reported Credential Compromise of FortiGate Devices
Fortinet, Friday, June 19th, 2026
Fortinet's PSIRT details the FortiBleed credential-harvesting campaign and remediation steps for affected FortiGate devices.
Fortinet's PSIRT published an advisory on the FortiBleed campaign, in which threat actors reuse credentials from earlier breaches combined with brute-force attacks against devices lacking strong passwords and MFA.
The advisory stresses this is not a new Fortinet vulnerability but a credential-harvesting attack leveraging prior incidents. Fortinet outlines six remediation steps, including terminating active sessions, resetting credentials, enabling MFA, upgrading OS versions, validating configurations, and reviewing logs.