Roughly half of all internet-facing Fortinet firewalls had their credentials harvested, and not one of them was compromised by a new vulnerability. That is the part of the FortiBleed story every security leader should sit with. There was no zero-day and no patch to apply, because the gateway itself was the weakness. If it was reachable, it was a target. That is not a Fortinet problem. It is the defining flaw of the perimeter access model, and it is why patching alone can never close it.
FortiBleed: A Credential Leak, Not a Vulnerability
In June 2026, a researcher found an exposed server holding a validated database of working credentials for Fortinet FortiGate firewalls and secure sockets layer virtual private network (SSL VPN) gateways. By mid-June the confirmed set had reached roughly 86,000 devices across 194 countries, which independent analysts put at about half of all internet-facing Fortinet firewalls. CISA issued an emergency advisory on June 18, the UK National Cyber Security Centre published a global warning and Fortinet's own Product Security Incident Response Team responded, all inside a few days.
Fortinet and outside researchers agree on the mechanism: this was not the exploitation of an unknown flaw. Attackers reused credentials from earlier incidents and brute-forced devices with weak password storage and no multi-factor authentication (MFA), then cracked legacy password hashes out of exported configuration files. The credentials are already circulating on criminal markets, and the same operators were running the same playbook against Sophos gateways, Microsoft SQL servers and Synology devices. The target was never one vendor. It was the internet-facing gateway as a category.
The Problem with the Perimeter Model
A VPN gateway has to be discoverable to do its job. It sits on the public internet and answers connection attempts, which means it answers attackers too. Every exposed gateway is an invitation to scan, spray credentials and brute-force. And once a VPN accepts a login, it usually drops the user onto the network with far more reach than any single task requires. A stolen password becomes a foothold, and the foothold becomes lateral movement. In FortiBleed, that is exactly what happened: attackers used cracked gateway access to pivot into victims' internal Active Directory environments.
Patching does not fix this, and FortiBleed is the proof. Many of the exposed devices were running current software. You cannot patch away the fact that a gateway is visible and will accept a valid credential from anyone who presents one. The exposure is the architecture, not the version number.
It is also getting worse, not better. Exposed gateways are now cheap to find and test at scale, and attackers increasingly use automation to sweep the entire internet for them, spray credentials from earlier breaches and brute-force what is left. FortiBleed was assembled exactly this way. The economics now favor the attacker, and no patch cadence changes that math.
How AppGate ZTNA Removes the Target
ZTNA does not harden the perimeter. It removes the internet-facing gateway as a concept, which takes away what every one of these campaigns needs before anything else: a target it can find and reach. AppGate ZTNA is built on a direct-routed architecture and uses Single Packet Authorization (SPA), which keeps protected resources dark to anyone who is not already cryptographically verified. A scanner sweeping the internet for SSL VPN or management ports finds nothing to attack.
Applied to FortiBleed, the picture changes at every step:
- There is no scannable gateway. The internet-wide scanning that built the FortiBleed credential database returns no result against AppGate ZTNA. The reconnaissance phase simply fails.
- A stolen credential is not enough. SPA requires a cryptographically seeded device before a connection is even possible, so a valid username and password pulled from a leaked database cannot open a session on its own. Credential reuse, the entire basis of FortiBleed, does not work against this model.
- Access is scoped to a resource, not the network. Users reach only the specific applications they are entitled to, not a network segment they can move across. The path from one cracked login to 170,000 internal accounts is closed by design.
- Trust is evaluated continuously on identity, device posture and context, not granted once at login and left open until the session expires.
The difference is architectural. A VPN authenticates once and exposes a network. AppGate ZTNA verifies continuously and exposes nothing until trust is established.
Why This Matters Most in Federal and Defense Environments
FortiBleed hit government agencies and defense organizations alongside enterprises, which is precisely the risk profile where a single exposed gateway is least acceptable. The organizations facing the most capable adversaries have already reached the same conclusion: internet-exposed remote access is incompatible with a serious Zero Trust posture, and self-contained architectures that do not hand control to a third party are the right model for the most sensitive environments.
This is not theoretical for us. AppGate ZTNA was selected for the U.S. Air Force's Next Generation Gateway program, part of a $120 million task order with General Dynamics Information Technology, supporting more than one million users across 187 bases worldwide and protecting information at all classification levels. The same direct-routed architecture that keeps a gateway invisible at that scale is what takes a FortiBleed-style campaign off the table.
What to Do Now
If you run Fortinet or any other internet-facing VPN, follow CISA's June 2026 guidance first: terminate active sessions, reset all administrative and VPN credentials, enforce MFA and remove management interfaces from public exposure. Do that today. But be clear about what those steps are. They are triage for a symptom. The condition is an access model that puts a discoverable gateway on the internet and trusts a credential to protect it.
FortiBleed will not be the last campaign of its kind, because the target is not a vendor, it is the perimeter itself. The organizations that move to ZTNA do not just lower the odds of the next one. They remove themselves from the category of target it depends on. You cannot make a credential un-stealable. But you can make sure that stealing it opens nothing.
Schedule a demo to see how Single Packet Authorization and direct-routed Zero Trust remove the attack surface that made FortiBleed possible.