CISA added the flaw to its KEVs catalog as Fortinet warned that patches for most affected versions remain “upcoming,” even though vulnerable devices can no longer use cloud SSO until upgraded.