Skip to main content

Fortisoar Paas EUVDEUVD-2026-22315

| CVE-2026-21742 MEDIUM
Cleartext Transmission of Sensitive Information (CWE-319)
2026-04-14 fortinet GHSA-9qp2-w8w6-fgc3
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

6
CVSS changed
Jul 08, 2026 - 13:22 NVD
5.7 (MEDIUM) 6.5 (MEDIUM)
Analysis Generated
Apr 14, 2026 - 17:05 vuln.today
CVSS changed
Apr 14, 2026 - 16:22 NVD
5.4 (MEDIUM) 5.7 (MEDIUM)
EUVD ID Assigned
Apr 14, 2026 - 16:00 euvd
EUVD-2026-22315
Analysis Generated
Apr 14, 2026 - 16:00 vuln.today
CVE Published
Apr 14, 2026 - 15:38 nvd
MEDIUM 5.7

DescriptionNVD

A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated attacker to view cleartext password in response for Secure Message Exchange and Radius queries, if configured

AnalysisAI

Fortinet FortiSOAR (both PaaS and on-premise versions 7.3-7.6.x) transmits sensitive authentication credentials in cleartext in API responses for Secure Message Exchange and RADIUS configurations, allowing authenticated attackers with network access to intercept and view passwords. The vulnerability requires user interaction (UI:R) and prior authentication (PR:L), affecting confidentiality of stored credentials in these integrations with a CVSS score of 5.7.

Technical ContextAI

FortiSOAR is a Security Orchestration, Automation and Response (SOAR) platform used to integrate and orchestrate security tools. The vulnerability stems from CWE-319 (Cleartext Transmission of Sensitive Information), a failure to encrypt sensitive data in transit. Specifically, when FortiSOAR retrieves or displays configuration data for Secure Message Exchange connectors or RADIUS authentication sources, the system includes plaintext passwords in HTTP/HTTPS responses. This affects both the cloud-hosted PaaS variant (cpe:2.3:a:fortinet:fortisoar_paas:*:*:*:*:*:*:*:*) and on-premise deployments (cpe:2.3:a:fortinet:fortisoar_on-premise:*:*:*:*:*:*:*:*). An attacker positioned to intercept network traffic between the authenticated user's browser/client and the FortiSOAR server could capture these credentials, or a malicious authenticated user could directly extract them from API responses.

RemediationAI

Fortinet has released patched versions; organizations should upgrade to FortiSOAR on-premise 7.5.2 or later (for the 7.5.x branch), 7.6.3 or later (for the 7.6.x branch), or 7.7.0+ (if available), and FortiSOAR PaaS to version 7.6.3 or later or 7.5.2 or later depending on branch. For users unable to patch immediately, apply network segmentation to restrict access to FortiSOAR API endpoints and limit who can authenticate to the platform, reducing the attack surface. Audit existing Secure Message Exchange and RADIUS configurations to identify any credentials that may have been exposed, and rotate those credentials post-patch. Refer to Fortinet advisory FG-IR-26-106 at https://fortiguard.fortinet.com/psirt/FG-IR-26-106 for official patch availability and timelines.

Share

EUVD-2026-22315 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy