
Fortinet
US network security vendor; recurring KEV presence and FortiBleed credential exposure affecting 194 countries in 2026.
Last refreshed: 24 June 2026 · Appears in 1 active topic
How were 86,644 Fortinet credentials collected across 194 countries without a zero-day?
Timeline for Fortinet
Mentioned in: A quiet KEV fortnight, then a 2008 bug
Cybersecurity: Threats and DefencesOne operator ran both ransomware brands
Cybersecurity: Threats and DefencesLynx crew cashes in FortiBleed haul
Cybersecurity: Threats and Defences86,644 Fortinet logins become a hit list
Cybersecurity: Threats and DefencesMentioned in: VPN zero-day open a month pre-patch
Cybersecurity: Threats and DefencesWhat is the Fortinet vulnerability CISA added to KEV in 2026?
What is FortiBleed and does it affect my Fortinet firewall?
Why does Fortinet keep appearing in CISA's KEV catalogue?
Background
Fortinet is a major US network security vendor providing firewalls, SASE (Secure Access Service Edge), endpoint security, and SD-WAN products to enterprises and government customers globally. Its products have been a recurring target for advanced persistent threat actors; CISA has added multiple Fortinet CVEs to the Known Exploited Vulnerabilities (KEV) catalogue in successive years, including FortiOS vulnerabilities exploited by Chinese state-linked groups and CVE-2026-21643 (a SQL injection flaw) added in April 2026. In June 2026 the FortiBleed dataset (86,644 FortiGate firewall credentials spanning 194 countries) emerged without any zero-day exploit, built instead via credential reuse and traffic interception running since at least February 2026; NCSC and CISA issued joint alerts on 18 June 2026 after researcher Volodymyr Diachenko identified and dated the dataset.
Fortinet was founded in 2000 and is headquartered in Sunnyvale, California. The company competes directly with Palo Alto Networks, Check Point, and Cisco in the enterprise network security market. Its firewall and VPN products are widely deployed by government agencies, critical national infrastructure operators, and large enterprises, making them a high-value persistent target: an attacker who can enumerate credentials across Fortinet deployments in 194 countries holds a ready-made directory of network perimeters for future exploitation campaigns.
For enterprise and government security teams, Fortinet's repeated presence in the KEV catalogue and now the FortiBleed credential exposure make it a standing compliance risk item. KEV addition mandates patching within CISA deadlines for US Federal Civilian Executive Branch agencies. The FortiBleed discovery, assembled with no zero-day, also signals that credential-hygiene and MFA enforcement across perimeter appliances are as critical as patch cadence for Fortinet-heavy environments.