EUVD-2026-22325

| CVE-2026-22576 MEDIUM
2026-04-14 fortinet
Fortinet Information Disclosure Fortisoar Paas Fortisoar On Premise
4.3
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
Apr 14, 2026 - 17:04 vuln.today
CVSS Changed
Apr 14, 2026 - 16:22 NVD
4.1 (MEDIUM) 4.3 (MEDIUM)

DescriptionNVD

A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.4, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to retrieve passwords for multiple installed connectors via server address modification in connector configuration.

AnalysisAI

Fortinet FortiSOAR PaaS and on-premise versions 7.3 through 7.6.4 store connector passwords in a recoverable format, allowing authenticated remote attackers to retrieve plaintext or weakly encrypted credentials for multiple installed connectors by modifying the server address in connector configuration. This affects security orchestration workflows that depend on connector authentication for external integrations.

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

EUVD-2026-22325 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy