Fortinet FortiSOAR PaaS vulnerabilities
10 known vulnerabilities affecting fortinet/fortisoar_paas.
Total CVEs: 10
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 9
Vulnerabilities
CVE-2026-23708 | HIGH | CVSS 7.5 | CWE-287 | Affected versions: ≥ 7.6.0, ≤ 7.6.3; ≥ 7.5.0, ≤ 7.5.2 | 2026-04-14
An improper authentication vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5.0 through 7.5.2 may allow an unauthenticated attacker to bypass authentication via replaying captured 2FA request. The attack requires being able to intercept and
Sources: cvelistv5, nvd
CVE-2026-22574 | MEDIUM | CVSS 4.1 | CWE-257 | Affected versions: ≥ 7.6.0, ≤ 7.6.4; ≥ 7.5.0, ≤ 7.5.2; +2 more | 2026-04-14
A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.4, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise
Sources: cvelistv5, nvd
CVE-2025-59809 | MEDIUM | CVSS 4.3 | CWE-918 | Affected versions: v7.6.4; ≥ 7.6.0, ≤ 7.6.2; +3 more | 2026-04-14
A server-side request forgery (SSRF) vulnerability [CWE-918] in Fortinet FortiSOAR PaaS 7.6.4, FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.4, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through
Sources: cvelistv5, nvd
CVE-2026-22154 | MEDIUM | CVSS 4.6 | CWE-79 | Affected versions: ≥ 7.6.0, ≤ 7.6.3; ≥ 7.5.0, ≤ 7.5.2; +2 more | 2026-04-14
An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-pre
Sources: cvelistv5, nvd
CVE-2026-21742 | MEDIUM | CVSS 5.7 | CWE-319 | Affected versions: ≥ 7.6.0, ≤ 7.6.2; ≥ 7.5.0, ≤ 7.5.1; +2 more | 2026-04-14
A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-p
Sources: cvelistv5, nvd
CVE-2026-22573 | MEDIUM | CVSS 6.5 | CWE-22 | Affected versions: ≥ 7.6.0, ≤ 7.6.3; ≥ 7.5.0, ≤ 7.5.3; +2 more | 2026-04-14
An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5 all versions, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5 all versions, FortiSOAR on-premise 7.4 all
Sources: cvelistv5, nvd
CVE-2026-22576 | MEDIUM | CVSS 4.3 | CWE-257 | Affected versions: ≥ 7.6.0, ≤ 7.6.4; ≥ 7.5.0, ≤ 7.5.2; +2 more | 2026-04-14
A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.4, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise
Sources: cvelistv5, nvd
CVE-2026-22155 | MEDIUM | CVSS 6.5 | CWE-319 | Affected versions: ≥ 7.6.0, ≤ 7.6.3; ≥ 7.5.0, ≤ 7.5.2; +2 more | 2026-04-14
A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-p
Sources: cvelistv5, nvd
CVE-2025-59808 | MEDIUM | CVSS 6.8 | CWE-620 | Affected versions: ≥ 7.6.0, ≤ 7.6.2; ≥ 7.5.0, ≤ 7.5.1; +2 more | 2025-12-09
An unverified password change vulnerability [CWE-620] in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.1, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR
Sources: cvelistv5, nvd
CVE-2025-59810 | MEDIUM | CVSS 6.5 | CWE-284 | Affected versions: ≥ 7.6.0, ≤ 7.6.2; ≥ 7.5.0, ≤ 7.5.1; +2 more | 2025-12-09
An improper access control vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.1, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions
Sources: cvelistv5, nvd