CVE-2020-12812 FortiOS 2FA Bypass

Five-year-old two-factor authentication bypass flaw in FortiOS SSL VPN affecting perimeter security appliances worldwide, with 9,700+ unpatched instances exposed and active exploitation confirmed by threat actors

Cyber News & Updates

Fortinet FortiOS CVE-2020-12812: Five-Year-Old 2FA Bypass Affecting 9,700+ Exposed Firewalls Under Active Exploitation

A five-year-old 2FA bypass vulnerability in Fortinet FortiOS continues to plague enterprise perimeter security. Over 9,700 unpatched FortiGate instances remain exposed globally as of January 2026, with active exploitation confirmed.…
Read more →

Peter Chofield

·

Jan 4, 2026

·

7–11 minutes

CVE-2020-12812 FortiOS 2FA Bypass

Fortinet FortiOS CVE-2020-12812: Five-Year-Old 2FA Bypass Affecting 9,700+ Exposed Firewalls Under Active Exploitation