Search
Find a vulnerability
Search criteria
20 vulnerabilities found for FortiSOAR PaaS by Fortinet
CVE-2026-23708 (GCVE-0-2026-23708)
Vulnerability from nvd – Published: 2026-04-14 15:38 – Updated: 2026-04-15 03:58
VLAI
Summary
A improper authentication vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5.0 through 7.5.2 may allow an unauthenticated attacker to bypass authentication via replaying captured 2FA request. The attack requires being able to intercept and decrypt authentication traffic and precise timing to replay the request before token expiration, which raises the attack complexity.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-287 - Escalation of privilege
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiSOAR PaaS |
Affected:
7.6.0 , ≤ 7.6.3
(semver)
Affected: 7.5.0 , ≤ 7.5.2 (semver) cpe:2.3:a:fortinet:fortisoarpaas:7.6.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiSOAR on-premise |
Affected:
7.6.0 , ≤ 7.6.3
(semver)
Affected: 7.5.0 , ≤ 7.5.2 (semver) cpe:2.3:a:fortinet:fortisoaron-premise:7.6.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23708",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T03:58:22.574Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSOAR PaaS",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.3",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.5.2",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSOAR on-premise",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.3",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.5.2",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A improper authentication vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5.0 through 7.5.2 may allow an unauthenticated attacker to bypass authentication via replaying captured 2FA request. The attack requires being able to intercept and decrypt authentication traffic and precise timing to replay the request before token expiration, which raises the attack complexity."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "Escalation of privilege",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T15:38:18.327Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-101",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-101"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiSOAR PaaS version 7.6.4 or above\nUpgrade to upcoming FortiSOAR PaaS version 7.5.3 or above\nUpgrade to FortiSOAR on-premise version 7.6.4 or above\nUpgrade to upcoming FortiSOAR on-premise version 7.5.3 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2026-23708",
"datePublished": "2026-04-14T15:38:18.327Z",
"dateReserved": "2026-01-15T13:00:41.463Z",
"dateUpdated": "2026-04-15T03:58:22.574Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22576 (GCVE-0-2026-22576)
Vulnerability from nvd – Published: 2026-04-14 15:38 – Updated: 2026-04-14 16:46
VLAI
Summary
A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.4, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to retrieve passwords for multiple installed connectors via server address modification in connector configuration.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-257 - Information disclosure
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiSOAR PaaS |
Affected:
7.6.0 , ≤ 7.6.4
(semver)
Affected: 7.5.0 , ≤ 7.5.2 (semver) Affected: 7.4.0 , ≤ 7.4.5 (semver) Affected: 7.3.0 , ≤ 7.3.3 (semver) cpe:2.3:a:fortinet:fortisoarpaas:7.6.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiSOAR on-premise |
Affected:
7.6.0 , ≤ 7.6.4
(semver)
Affected: 7.5.0 , ≤ 7.5.2 (semver) Affected: 7.4.0 , ≤ 7.4.5 (semver) Affected: 7.3.0 , ≤ 7.3.3 (semver) cpe:2.3:a:fortinet:fortisoaron-premise:7.6.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22576",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T16:29:52.411885Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T16:46:17.327Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSOAR PaaS",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.4",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.5.2",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.5",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.3",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSOAR on-premise",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.4",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.5.2",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.5",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.3",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.4, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to retrieve passwords for multiple installed connectors via server address modification in connector configuration."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:X/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-257",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T15:38:05.576Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-104",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-104"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiSOAR on-premise version 7.6.5 or above\nUpgrade to upcoming FortiSOAR on-premise version 7.5.3 or above\nUpgrade to FortiSOAR PaaS version 7.6.5 or above\nUpgrade to upcoming FortiSOAR PaaS version 7.5.3 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2026-22576",
"datePublished": "2026-04-14T15:38:05.576Z",
"dateReserved": "2026-01-07T18:30:44.883Z",
"dateUpdated": "2026-04-14T16:46:17.327Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22574 (GCVE-0-2026-22574)
Vulnerability from nvd – Published: 2026-04-14 15:38 – Updated: 2026-04-14 16:46
VLAI
Summary
A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.4, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to retrieve Service account password via server address modification in LDAP configuration.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-257 - Information disclosure
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiSOAR PaaS |
Affected:
7.6.0 , ≤ 7.6.4
(semver)
Affected: 7.5.0 , ≤ 7.5.2 (semver) Affected: 7.4.0 , ≤ 7.4.5 (semver) Affected: 7.3.0 , ≤ 7.3.3 (semver) cpe:2.3:a:fortinet:fortisoarpaas:7.6.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiSOAR on-premise |
Affected:
7.6.0 , ≤ 7.6.4
(semver)
Affected: 7.5.0 , ≤ 7.5.2 (semver) Affected: 7.4.0 , ≤ 7.4.5 (semver) Affected: 7.3.0 , ≤ 7.3.3 (semver) cpe:2.3:a:fortinet:fortisoaron-premise:7.6.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22574",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T16:35:22.098427Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T16:46:16.794Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSOAR PaaS",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.4",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.5.2",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.5",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.3",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSOAR on-premise",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.4",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.5.2",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.5",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.3",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.4, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to retrieve Service account password via server address modification in LDAP configuration."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N/E:H/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-257",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T15:38:08.130Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-105",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-105"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiSOAR on-premise version 7.6.5 or above\nUpgrade to upcoming FortiSOAR on-premise version 7.5.3 or above\nUpgrade to FortiSOAR PaaS version 7.6.5 or above\nUpgrade to upcoming FortiSOAR PaaS version 7.5.3 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2026-22574",
"datePublished": "2026-04-14T15:38:08.130Z",
"dateReserved": "2026-01-07T18:30:44.883Z",
"dateUpdated": "2026-04-14T16:46:16.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22573 (GCVE-0-2026-22573)
Vulnerability from nvd – Published: 2026-04-14 15:38 – Updated: 2026-04-14 16:46
VLAI
Summary
An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5 all versions, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5 all versions, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to perform path traversal attack via File Content Extraction actions.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Information disclosure
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiSOAR on-premise |
Affected:
7.6.0 , ≤ 7.6.3
(semver)
Affected: 7.5.0 , ≤ 7.5.3 (semver) Affected: 7.4.0 , ≤ 7.4.5 (semver) Affected: 7.3.0 , ≤ 7.3.3 (semver) cpe:2.3:a:fortinet:fortisoaron-premise:7.6.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiSOAR PaaS |
Affected:
7.6.0 , ≤ 7.6.3
(semver)
Affected: 7.5.0 , ≤ 7.5.3 (semver) Affected: 7.4.0 , ≤ 7.4.5 (semver) Affected: 7.3.0 , ≤ 7.3.3 (semver) cpe:2.3:a:fortinet:fortisoarpaas:7.6.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22573",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T16:24:34.309578Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T16:46:14.901Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSOAR on-premise",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.3",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.5.3",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.5",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.3",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSOAR PaaS",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.3",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.5.3",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.5",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.3",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper limitation of a pathname to a restricted directory (\u0027path traversal\u0027) vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5 all versions, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5 all versions, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to perform path traversal attack via File Content Extraction actions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T15:38:22.081Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-116",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-116"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiSOAR on-premise version 7.6.4 or above\nUpgrade to FortiSOAR PaaS version 7.6.4 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2026-22573",
"datePublished": "2026-04-14T15:38:22.081Z",
"dateReserved": "2026-01-07T18:30:44.883Z",
"dateUpdated": "2026-04-14T16:46:14.901Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22155 (GCVE-0-2026-22155)
Vulnerability from nvd – Published: 2026-04-14 15:38 – Updated: 2026-04-14 16:46
VLAI
Summary
A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow attacker to information disclosure via <insert attack vector here>
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-319 - Information disclosure
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiSOAR on-premise |
Affected:
7.6.0 , ≤ 7.6.2
(semver)
Affected: 7.5.0 , ≤ 7.5.1 (semver) Affected: 7.4.0 , ≤ 7.4.5 (semver) Affected: 7.3.0 , ≤ 7.3.3 (semver) cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiSOAR PaaS |
Affected:
7.6.0 , ≤ 7.6.3
(semver)
Affected: 7.5.0 , ≤ 7.5.2 (semver) Affected: 7.4.0 , ≤ 7.4.5 (semver) Affected: 7.3.0 , ≤ 7.3.3 (semver) cpe:2.3:a:fortinet:fortisoarpaas:7.6.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22155",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T16:34:58.769731Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T16:46:16.501Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSOAR on-premise",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.2",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.5.1",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.5",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.3",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSOAR PaaS",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.3",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.5.2",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.5",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.3",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow attacker to information disclosure via \u003cinsert attack vector here\u003e"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T15:38:13.806Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-106",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-106"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiSOAR PaaS version 7.6.4 or above\nUpgrade to upcoming FortiSOAR PaaS version 7.5.3 or above\nUpgrade to FortiSOAR on-premise version 7.6.4 or above\nUpgrade to FortiSOAR on-premise version 7.6.3 or above\nUpgrade to upcoming FortiSOAR on-premise version 7.5.3 or above\nUpgrade to FortiSOAR on-premise version 7.5.2 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2026-22155",
"datePublished": "2026-04-14T15:38:13.806Z",
"dateReserved": "2026-01-06T15:01:17.447Z",
"dateUpdated": "2026-04-14T16:46:16.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22154 (GCVE-0-2026-22154)
Vulnerability from nvd – Published: 2026-04-14 15:38 – Updated: 2026-04-14 16:46
VLAI
Summary
An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to perform a stored cross site scripting (XSS) attack via crafted HTTP Requests.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Escalation of privilege
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiSOAR PaaS |
Affected:
7.6.0 , ≤ 7.6.3
(semver)
Affected: 7.5.0 , ≤ 7.5.2 (semver) Affected: 7.4.0 , ≤ 7.4.5 (semver) Affected: 7.3.0 , ≤ 7.3.3 (semver) cpe:2.3:a:fortinet:fortisoarpaas:7.6.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiSOAR on-premise |
Affected:
7.6.0 , ≤ 7.6.3
(semver)
Affected: 7.5.0 , ≤ 7.5.2 (semver) Affected: 7.4.0 , ≤ 7.4.5 (semver) Affected: 7.3.0 , ≤ 7.3.3 (semver) cpe:2.3:a:fortinet:fortisoaron-premise:7.6.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22154",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T16:35:48.704992Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T16:46:17.029Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSOAR PaaS",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.3",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.5.2",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.5",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.3",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSOAR on-premise",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.3",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.5.2",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.5",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.3",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper neutralization of input during web page generation (\u0027cross-site scripting\u0027) vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to perform a stored cross site scripting (XSS) attack via crafted HTTP Requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:H/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Escalation of privilege",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T15:38:07.043Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-117",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-117"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiSOAR on-premise version 7.6.4 or above\nUpgrade to upcoming FortiSOAR on-premise version 7.5.3 or above\nUpgrade to FortiSOAR PaaS version 7.6.4 or above\nUpgrade to upcoming FortiSOAR PaaS version 7.5.3 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2026-22154",
"datePublished": "2026-04-14T15:38:07.043Z",
"dateReserved": "2026-01-06T15:01:17.447Z",
"dateUpdated": "2026-04-14T16:46:17.029Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21742 (GCVE-0-2026-21742)
Vulnerability from nvd – Published: 2026-04-14 15:38 – Updated: 2026-04-14 16:46
VLAI
Summary
A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated attacker to view cleartext password in response for Secure Message Exchange and Radius queries, if configured
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-319 - Information disclosure
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiSOAR PaaS |
Affected:
7.6.0 , ≤ 7.6.2
(semver)
Affected: 7.5.0 , ≤ 7.5.1 (semver) Affected: 7.4.0 , ≤ 7.4.5 (semver) Affected: 7.3.0 , ≤ 7.3.3 (semver) cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiSOAR on-premise |
Affected:
7.6.0 , ≤ 7.6.2
(semver)
Affected: 7.5.0 , ≤ 7.5.1 (semver) Affected: 7.4.0 , ≤ 7.4.5 (semver) Affected: 7.3.0 , ≤ 7.3.3 (semver) cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21742",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T16:35:12.570489Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T16:46:16.652Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSOAR PaaS",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.2",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.5.1",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.5",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.3",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSOAR on-premise",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.2",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.5.1",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.5",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.3",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated attacker to view cleartext password in response for Secure Message Exchange and Radius queries, if configured"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T15:38:13.389Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-106",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-106"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiSOAR PaaS version 7.6.4 or above\nUpgrade to upcoming FortiSOAR PaaS version 7.5.3 or above\nUpgrade to FortiSOAR on-premise version 7.6.4 or above\nUpgrade to FortiSOAR on-premise version 7.6.3 or above\nUpgrade to upcoming FortiSOAR on-premise version 7.5.3 or above\nUpgrade to FortiSOAR on-premise version 7.5.2 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2026-21742",
"datePublished": "2026-04-14T15:38:13.389Z",
"dateReserved": "2026-01-05T14:17:53.224Z",
"dateUpdated": "2026-04-14T16:46:16.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-59809 (GCVE-0-2025-59809)
Vulnerability from nvd – Published: 2026-04-14 15:38 – Updated: 2026-04-14 16:46
VLAI
Summary
A server-side request forgery (ssrf) vulnerability [CWE-918] vulnerability in Fortinet FortiSOAR PaaS 7.6.4, FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.4, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated attacker to discover services running on local ports via crafted requests.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-918 - Information disclosure
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiSOAR on-premise |
Affected:
7.6.4
Affected: 7.6.0 , ≤ 7.6.2 (semver) Affected: 7.5.0 , ≤ 7.5.2 (semver) Affected: 7.4.0 , ≤ 7.4.5 (semver) Affected: 7.3.0 , ≤ 7.3.3 (semver) cpe:2.3:a:fortinet:fortisoaron-premise:7.6.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiSOAR PaaS |
Affected:
7.6.4
Affected: 7.6.0 , ≤ 7.6.2 (semver) Affected: 7.5.0 , ≤ 7.5.2 (semver) Affected: 7.4.0 , ≤ 7.4.5 (semver) Affected: 7.3.0 , ≤ 7.3.3 (semver) cpe:2.3:a:fortinet:fortisoarpaas:7.6.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59809",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T16:34:45.731183Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T16:46:16.247Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSOAR on-premise",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.6.4"
},
{
"lessThanOrEqual": "7.6.2",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.5.2",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.5",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.3",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSOAR PaaS",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.6.4"
},
{
"lessThanOrEqual": "7.6.2",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.5.2",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.5",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.3",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A server-side request forgery (ssrf) vulnerability [CWE-918] vulnerability in Fortinet FortiSOAR PaaS 7.6.4, FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.4, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated attacker to discover services running on local ports via crafted requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T15:38:15.104Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-103",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-103"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiSOAR on-premise version 7.6.5 or above\nUpgrade to FortiSOAR on-premise version 7.6.3 or above\nUpgrade to upcoming FortiSOAR on-premise version 7.5.3 or above\nUpgrade to FortiSOAR PaaS version 7.6.5 or above\nUpgrade to FortiSOAR PaaS version 7.6.3 or above\nUpgrade to upcoming FortiSOAR PaaS version 7.5.3 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2025-59809",
"datePublished": "2026-04-14T15:38:15.104Z",
"dateReserved": "2025-09-22T08:19:21.055Z",
"dateUpdated": "2026-04-14T16:46:16.247Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-59810 (GCVE-0-2025-59810)
Vulnerability from nvd – Published: 2025-12-09 17:19 – Updated: 2026-01-14 09:19
VLAI
Summary
An improper access control vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.1, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow information disclosure to an authenticated attacker via crafted requests
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Information disclosure
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiSOAR on-premise |
Affected:
7.6.0 , ≤ 7.6.2
(semver)
Affected: 7.5.0 , ≤ 7.5.1 (semver) Affected: 7.4.0 , ≤ 7.4.5 (semver) Affected: 7.3.0 , ≤ 7.3.3 (semver) cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiSOAR PaaS |
Affected:
7.6.0 , ≤ 7.6.2
(semver)
Affected: 7.5.0 , ≤ 7.5.1 (semver) Affected: 7.4.0 , ≤ 7.4.5 (semver) Affected: 7.3.0 , ≤ 7.3.3 (semver) cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59810",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-09T20:20:18.195341Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T20:42:59.350Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSOAR on-premise",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.2",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.5.1",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.5",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.3",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSOAR PaaS",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.2",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.5.1",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.5",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.3",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.1, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow information disclosure to an authenticated attacker via crafted requests"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T09:19:07.675Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-601",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-601"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiSOAR on-premise version 7.6.3 or above\nUpgrade to FortiSOAR on-premise version 7.5.2 or above\nUpgrade to FortiSOAR PaaS version 7.6.3 or above\nUpgrade to FortiSOAR PaaS version 7.5.2 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2025-59810",
"datePublished": "2025-12-09T17:19:06.350Z",
"dateReserved": "2025-09-22T08:19:21.055Z",
"dateUpdated": "2026-01-14T09:19:07.675Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-59808 (GCVE-0-2025-59808)
Vulnerability from nvd – Published: 2025-12-09 17:19 – Updated: 2026-01-14 09:18
VLAI
Summary
An unverified password change vulnerability [CWE-620] vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.1, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an attacker who has already gained access to a victim's user account to reset the account credentials without being prompted for the account's password
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-620 - Improper access control
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiSOAR on-premise |
Affected:
7.6.0 , ≤ 7.6.2
(semver)
Affected: 7.5.0 , ≤ 7.5.1 (semver) Affected: 7.4.0 , ≤ 7.4.5 (semver) Affected: 7.3.0 , ≤ 7.3.3 (semver) cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiSOAR PaaS |
Affected:
7.6.0 , ≤ 7.6.2
(semver)
Affected: 7.5.0 , ≤ 7.5.1 (semver) Affected: 7.4.0 , ≤ 7.4.5 (semver) Affected: 7.3.0 , ≤ 7.3.3 (semver) cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59808",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-09T20:20:31.034553Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T20:43:08.226Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSOAR on-premise",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.2",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.5.1",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.5",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.3",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSOAR PaaS",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.2",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.5.1",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.5",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.3",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An unverified password change vulnerability [CWE-620] vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.1, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an attacker who has already gained access to a victim\u0027s user account to reset the account credentials without being prompted for the account\u0027s password"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:H/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-620",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T09:18:51.614Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-599",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-599"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiSOAR on-premise version 7.6.3 or above\nUpgrade to FortiSOAR on-premise version 7.5.2 or above\nUpgrade to FortiSOAR PaaS version 7.6.3 or above\nUpgrade to FortiSOAR PaaS version 7.5.2 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2025-59808",
"datePublished": "2025-12-09T17:19:06.347Z",
"dateReserved": "2025-09-22T08:19:21.055Z",
"dateUpdated": "2026-01-14T09:18:51.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22573 (GCVE-0-2026-22573)
Vulnerability from cvelistv5 – Published: 2026-04-14 15:38 – Updated: 2026-04-14 16:46
VLAI
Summary
An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5 all versions, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5 all versions, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to perform path traversal attack via File Content Extraction actions.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Information disclosure
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiSOAR on-premise |
Affected:
7.6.0 , ≤ 7.6.3
(semver)
Affected: 7.5.0 , ≤ 7.5.3 (semver) Affected: 7.4.0 , ≤ 7.4.5 (semver) Affected: 7.3.0 , ≤ 7.3.3 (semver) cpe:2.3:a:fortinet:fortisoaron-premise:7.6.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiSOAR PaaS |
Affected:
7.6.0 , ≤ 7.6.3
(semver)
Affected: 7.5.0 , ≤ 7.5.3 (semver) Affected: 7.4.0 , ≤ 7.4.5 (semver) Affected: 7.3.0 , ≤ 7.3.3 (semver) cpe:2.3:a:fortinet:fortisoarpaas:7.6.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22573",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T16:24:34.309578Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T16:46:14.901Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSOAR on-premise",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.3",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.5.3",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.5",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.3",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSOAR PaaS",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.3",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.5.3",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.5",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.3",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper limitation of a pathname to a restricted directory (\u0027path traversal\u0027) vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5 all versions, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5 all versions, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to perform path traversal attack via File Content Extraction actions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T15:38:22.081Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-116",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-116"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiSOAR on-premise version 7.6.4 or above\nUpgrade to FortiSOAR PaaS version 7.6.4 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2026-22573",
"datePublished": "2026-04-14T15:38:22.081Z",
"dateReserved": "2026-01-07T18:30:44.883Z",
"dateUpdated": "2026-04-14T16:46:14.901Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23708 (GCVE-0-2026-23708)
Vulnerability from cvelistv5 – Published: 2026-04-14 15:38 – Updated: 2026-04-15 03:58
VLAI
Summary
A improper authentication vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5.0 through 7.5.2 may allow an unauthenticated attacker to bypass authentication via replaying captured 2FA request. The attack requires being able to intercept and decrypt authentication traffic and precise timing to replay the request before token expiration, which raises the attack complexity.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-287 - Escalation of privilege
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiSOAR PaaS |
Affected:
7.6.0 , ≤ 7.6.3
(semver)
Affected: 7.5.0 , ≤ 7.5.2 (semver) cpe:2.3:a:fortinet:fortisoarpaas:7.6.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiSOAR on-premise |
Affected:
7.6.0 , ≤ 7.6.3
(semver)
Affected: 7.5.0 , ≤ 7.5.2 (semver) cpe:2.3:a:fortinet:fortisoaron-premise:7.6.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23708",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T03:58:22.574Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSOAR PaaS",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.3",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.5.2",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSOAR on-premise",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.3",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.5.2",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A improper authentication vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5.0 through 7.5.2 may allow an unauthenticated attacker to bypass authentication via replaying captured 2FA request. The attack requires being able to intercept and decrypt authentication traffic and precise timing to replay the request before token expiration, which raises the attack complexity."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "Escalation of privilege",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T15:38:18.327Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-101",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-101"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiSOAR PaaS version 7.6.4 or above\nUpgrade to upcoming FortiSOAR PaaS version 7.5.3 or above\nUpgrade to FortiSOAR on-premise version 7.6.4 or above\nUpgrade to upcoming FortiSOAR on-premise version 7.5.3 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2026-23708",
"datePublished": "2026-04-14T15:38:18.327Z",
"dateReserved": "2026-01-15T13:00:41.463Z",
"dateUpdated": "2026-04-15T03:58:22.574Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-59809 (GCVE-0-2025-59809)
Vulnerability from cvelistv5 – Published: 2026-04-14 15:38 – Updated: 2026-04-14 16:46
VLAI
Summary
A server-side request forgery (ssrf) vulnerability [CWE-918] vulnerability in Fortinet FortiSOAR PaaS 7.6.4, FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.4, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated attacker to discover services running on local ports via crafted requests.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-918 - Information disclosure
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiSOAR on-premise |
Affected:
7.6.4
Affected: 7.6.0 , ≤ 7.6.2 (semver) Affected: 7.5.0 , ≤ 7.5.2 (semver) Affected: 7.4.0 , ≤ 7.4.5 (semver) Affected: 7.3.0 , ≤ 7.3.3 (semver) cpe:2.3:a:fortinet:fortisoaron-premise:7.6.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiSOAR PaaS |
Affected:
7.6.4
Affected: 7.6.0 , ≤ 7.6.2 (semver) Affected: 7.5.0 , ≤ 7.5.2 (semver) Affected: 7.4.0 , ≤ 7.4.5 (semver) Affected: 7.3.0 , ≤ 7.3.3 (semver) cpe:2.3:a:fortinet:fortisoarpaas:7.6.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59809",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T16:34:45.731183Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T16:46:16.247Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSOAR on-premise",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.6.4"
},
{
"lessThanOrEqual": "7.6.2",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.5.2",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.5",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.3",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSOAR PaaS",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.6.4"
},
{
"lessThanOrEqual": "7.6.2",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.5.2",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.5",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.3",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A server-side request forgery (ssrf) vulnerability [CWE-918] vulnerability in Fortinet FortiSOAR PaaS 7.6.4, FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.4, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated attacker to discover services running on local ports via crafted requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T15:38:15.104Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-103",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-103"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiSOAR on-premise version 7.6.5 or above\nUpgrade to FortiSOAR on-premise version 7.6.3 or above\nUpgrade to upcoming FortiSOAR on-premise version 7.5.3 or above\nUpgrade to FortiSOAR PaaS version 7.6.5 or above\nUpgrade to FortiSOAR PaaS version 7.6.3 or above\nUpgrade to upcoming FortiSOAR PaaS version 7.5.3 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2025-59809",
"datePublished": "2026-04-14T15:38:15.104Z",
"dateReserved": "2025-09-22T08:19:21.055Z",
"dateUpdated": "2026-04-14T16:46:16.247Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22155 (GCVE-0-2026-22155)
Vulnerability from cvelistv5 – Published: 2026-04-14 15:38 – Updated: 2026-04-14 16:46
VLAI
Summary
A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow attacker to information disclosure via <insert attack vector here>
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-319 - Information disclosure
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiSOAR on-premise |
Affected:
7.6.0 , ≤ 7.6.2
(semver)
Affected: 7.5.0 , ≤ 7.5.1 (semver) Affected: 7.4.0 , ≤ 7.4.5 (semver) Affected: 7.3.0 , ≤ 7.3.3 (semver) cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiSOAR PaaS |
Affected:
7.6.0 , ≤ 7.6.3
(semver)
Affected: 7.5.0 , ≤ 7.5.2 (semver) Affected: 7.4.0 , ≤ 7.4.5 (semver) Affected: 7.3.0 , ≤ 7.3.3 (semver) cpe:2.3:a:fortinet:fortisoarpaas:7.6.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22155",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T16:34:58.769731Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T16:46:16.501Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSOAR on-premise",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.2",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.5.1",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.5",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.3",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSOAR PaaS",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.3",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.5.2",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.5",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.3",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow attacker to information disclosure via \u003cinsert attack vector here\u003e"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T15:38:13.806Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-106",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-106"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiSOAR PaaS version 7.6.4 or above\nUpgrade to upcoming FortiSOAR PaaS version 7.5.3 or above\nUpgrade to FortiSOAR on-premise version 7.6.4 or above\nUpgrade to FortiSOAR on-premise version 7.6.3 or above\nUpgrade to upcoming FortiSOAR on-premise version 7.5.3 or above\nUpgrade to FortiSOAR on-premise version 7.5.2 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2026-22155",
"datePublished": "2026-04-14T15:38:13.806Z",
"dateReserved": "2026-01-06T15:01:17.447Z",
"dateUpdated": "2026-04-14T16:46:16.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21742 (GCVE-0-2026-21742)
Vulnerability from cvelistv5 – Published: 2026-04-14 15:38 – Updated: 2026-04-14 16:46
VLAI
Summary
A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated attacker to view cleartext password in response for Secure Message Exchange and Radius queries, if configured
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-319 - Information disclosure
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiSOAR PaaS |
Affected:
7.6.0 , ≤ 7.6.2
(semver)
Affected: 7.5.0 , ≤ 7.5.1 (semver) Affected: 7.4.0 , ≤ 7.4.5 (semver) Affected: 7.3.0 , ≤ 7.3.3 (semver) cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiSOAR on-premise |
Affected:
7.6.0 , ≤ 7.6.2
(semver)
Affected: 7.5.0 , ≤ 7.5.1 (semver) Affected: 7.4.0 , ≤ 7.4.5 (semver) Affected: 7.3.0 , ≤ 7.3.3 (semver) cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21742",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T16:35:12.570489Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T16:46:16.652Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSOAR PaaS",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.2",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.5.1",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.5",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.3",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSOAR on-premise",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.2",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.5.1",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.5",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.3",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated attacker to view cleartext password in response for Secure Message Exchange and Radius queries, if configured"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T15:38:13.389Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-106",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-106"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiSOAR PaaS version 7.6.4 or above\nUpgrade to upcoming FortiSOAR PaaS version 7.5.3 or above\nUpgrade to FortiSOAR on-premise version 7.6.4 or above\nUpgrade to FortiSOAR on-premise version 7.6.3 or above\nUpgrade to upcoming FortiSOAR on-premise version 7.5.3 or above\nUpgrade to FortiSOAR on-premise version 7.5.2 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2026-21742",
"datePublished": "2026-04-14T15:38:13.389Z",
"dateReserved": "2026-01-05T14:17:53.224Z",
"dateUpdated": "2026-04-14T16:46:16.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22574 (GCVE-0-2026-22574)
Vulnerability from cvelistv5 – Published: 2026-04-14 15:38 – Updated: 2026-04-14 16:46
VLAI
Summary
A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.4, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to retrieve Service account password via server address modification in LDAP configuration.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-257 - Information disclosure
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiSOAR PaaS |
Affected:
7.6.0 , ≤ 7.6.4
(semver)
Affected: 7.5.0 , ≤ 7.5.2 (semver) Affected: 7.4.0 , ≤ 7.4.5 (semver) Affected: 7.3.0 , ≤ 7.3.3 (semver) cpe:2.3:a:fortinet:fortisoarpaas:7.6.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiSOAR on-premise |
Affected:
7.6.0 , ≤ 7.6.4
(semver)
Affected: 7.5.0 , ≤ 7.5.2 (semver) Affected: 7.4.0 , ≤ 7.4.5 (semver) Affected: 7.3.0 , ≤ 7.3.3 (semver) cpe:2.3:a:fortinet:fortisoaron-premise:7.6.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22574",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T16:35:22.098427Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T16:46:16.794Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSOAR PaaS",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.4",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.5.2",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.5",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.3",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSOAR on-premise",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.4",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.5.2",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.5",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.3",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.4, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to retrieve Service account password via server address modification in LDAP configuration."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N/E:H/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-257",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T15:38:08.130Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-105",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-105"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiSOAR on-premise version 7.6.5 or above\nUpgrade to upcoming FortiSOAR on-premise version 7.5.3 or above\nUpgrade to FortiSOAR PaaS version 7.6.5 or above\nUpgrade to upcoming FortiSOAR PaaS version 7.5.3 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2026-22574",
"datePublished": "2026-04-14T15:38:08.130Z",
"dateReserved": "2026-01-07T18:30:44.883Z",
"dateUpdated": "2026-04-14T16:46:16.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22154 (GCVE-0-2026-22154)
Vulnerability from cvelistv5 – Published: 2026-04-14 15:38 – Updated: 2026-04-14 16:46
VLAI
Summary
An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to perform a stored cross site scripting (XSS) attack via crafted HTTP Requests.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Escalation of privilege
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiSOAR PaaS |
Affected:
7.6.0 , ≤ 7.6.3
(semver)
Affected: 7.5.0 , ≤ 7.5.2 (semver) Affected: 7.4.0 , ≤ 7.4.5 (semver) Affected: 7.3.0 , ≤ 7.3.3 (semver) cpe:2.3:a:fortinet:fortisoarpaas:7.6.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiSOAR on-premise |
Affected:
7.6.0 , ≤ 7.6.3
(semver)
Affected: 7.5.0 , ≤ 7.5.2 (semver) Affected: 7.4.0 , ≤ 7.4.5 (semver) Affected: 7.3.0 , ≤ 7.3.3 (semver) cpe:2.3:a:fortinet:fortisoaron-premise:7.6.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22154",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T16:35:48.704992Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T16:46:17.029Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSOAR PaaS",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.3",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.5.2",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.5",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.3",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSOAR on-premise",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.3",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.5.2",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.5",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.3",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper neutralization of input during web page generation (\u0027cross-site scripting\u0027) vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to perform a stored cross site scripting (XSS) attack via crafted HTTP Requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:H/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Escalation of privilege",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T15:38:07.043Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-117",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-117"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiSOAR on-premise version 7.6.4 or above\nUpgrade to upcoming FortiSOAR on-premise version 7.5.3 or above\nUpgrade to FortiSOAR PaaS version 7.6.4 or above\nUpgrade to upcoming FortiSOAR PaaS version 7.5.3 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2026-22154",
"datePublished": "2026-04-14T15:38:07.043Z",
"dateReserved": "2026-01-06T15:01:17.447Z",
"dateUpdated": "2026-04-14T16:46:17.029Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22576 (GCVE-0-2026-22576)
Vulnerability from cvelistv5 – Published: 2026-04-14 15:38 – Updated: 2026-04-14 16:46
VLAI
Summary
A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.4, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to retrieve passwords for multiple installed connectors via server address modification in connector configuration.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-257 - Information disclosure
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiSOAR PaaS |
Affected:
7.6.0 , ≤ 7.6.4
(semver)
Affected: 7.5.0 , ≤ 7.5.2 (semver) Affected: 7.4.0 , ≤ 7.4.5 (semver) Affected: 7.3.0 , ≤ 7.3.3 (semver) cpe:2.3:a:fortinet:fortisoarpaas:7.6.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiSOAR on-premise |
Affected:
7.6.0 , ≤ 7.6.4
(semver)
Affected: 7.5.0 , ≤ 7.5.2 (semver) Affected: 7.4.0 , ≤ 7.4.5 (semver) Affected: 7.3.0 , ≤ 7.3.3 (semver) cpe:2.3:a:fortinet:fortisoaron-premise:7.6.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22576",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T16:29:52.411885Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T16:46:17.327Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSOAR PaaS",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.4",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.5.2",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.5",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.3",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSOAR on-premise",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.4",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.5.2",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.5",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.3",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.4, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to retrieve passwords for multiple installed connectors via server address modification in connector configuration."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:X/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-257",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T15:38:05.576Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-104",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-104"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiSOAR on-premise version 7.6.5 or above\nUpgrade to upcoming FortiSOAR on-premise version 7.5.3 or above\nUpgrade to FortiSOAR PaaS version 7.6.5 or above\nUpgrade to upcoming FortiSOAR PaaS version 7.5.3 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2026-22576",
"datePublished": "2026-04-14T15:38:05.576Z",
"dateReserved": "2026-01-07T18:30:44.883Z",
"dateUpdated": "2026-04-14T16:46:17.327Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-59810 (GCVE-0-2025-59810)
Vulnerability from cvelistv5 – Published: 2025-12-09 17:19 – Updated: 2026-01-14 09:19
VLAI
Summary
An improper access control vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.1, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow information disclosure to an authenticated attacker via crafted requests
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Information disclosure
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiSOAR on-premise |
Affected:
7.6.0 , ≤ 7.6.2
(semver)
Affected: 7.5.0 , ≤ 7.5.1 (semver) Affected: 7.4.0 , ≤ 7.4.5 (semver) Affected: 7.3.0 , ≤ 7.3.3 (semver) cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiSOAR PaaS |
Affected:
7.6.0 , ≤ 7.6.2
(semver)
Affected: 7.5.0 , ≤ 7.5.1 (semver) Affected: 7.4.0 , ≤ 7.4.5 (semver) Affected: 7.3.0 , ≤ 7.3.3 (semver) cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59810",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-09T20:20:18.195341Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T20:42:59.350Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSOAR on-premise",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.2",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.5.1",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.5",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.3",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSOAR PaaS",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.2",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.5.1",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.5",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.3",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.1, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow information disclosure to an authenticated attacker via crafted requests"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T09:19:07.675Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-601",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-601"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiSOAR on-premise version 7.6.3 or above\nUpgrade to FortiSOAR on-premise version 7.5.2 or above\nUpgrade to FortiSOAR PaaS version 7.6.3 or above\nUpgrade to FortiSOAR PaaS version 7.5.2 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2025-59810",
"datePublished": "2025-12-09T17:19:06.350Z",
"dateReserved": "2025-09-22T08:19:21.055Z",
"dateUpdated": "2026-01-14T09:19:07.675Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-59808 (GCVE-0-2025-59808)
Vulnerability from cvelistv5 – Published: 2025-12-09 17:19 – Updated: 2026-01-14 09:18
VLAI
Summary
An unverified password change vulnerability [CWE-620] vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.1, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an attacker who has already gained access to a victim's user account to reset the account credentials without being prompted for the account's password
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-620 - Improper access control
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiSOAR on-premise |
Affected:
7.6.0 , ≤ 7.6.2
(semver)
Affected: 7.5.0 , ≤ 7.5.1 (semver) Affected: 7.4.0 , ≤ 7.4.5 (semver) Affected: 7.3.0 , ≤ 7.3.3 (semver) cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiSOAR PaaS |
Affected:
7.6.0 , ≤ 7.6.2
(semver)
Affected: 7.5.0 , ≤ 7.5.1 (semver) Affected: 7.4.0 , ≤ 7.4.5 (semver) Affected: 7.3.0 , ≤ 7.3.3 (semver) cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59808",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-09T20:20:31.034553Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T20:43:08.226Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSOAR on-premise",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.2",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.5.1",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.5",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.3",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSOAR PaaS",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.2",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.5.1",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.5",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.3",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An unverified password change vulnerability [CWE-620] vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.1, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an attacker who has already gained access to a victim\u0027s user account to reset the account credentials without being prompted for the account\u0027s password"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:H/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-620",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T09:18:51.614Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-599",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-599"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiSOAR on-premise version 7.6.3 or above\nUpgrade to FortiSOAR on-premise version 7.5.2 or above\nUpgrade to FortiSOAR PaaS version 7.6.3 or above\nUpgrade to FortiSOAR PaaS version 7.5.2 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2025-59808",
"datePublished": "2025-12-09T17:19:06.347Z",
"dateReserved": "2025-09-22T08:19:21.055Z",
"dateUpdated": "2026-01-14T09:18:51.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}