CVE-2026-22155

Summary

A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow attacker to information disclosure via <insert attack vector here>

Affected Software

VendorProductVersion RangeStatus
FortinetFortiSOAR on-premise7.6.0 <= 7.6.2affected
FortinetFortiSOAR on-premise7.5.0 <= 7.5.1affected
FortinetFortiSOAR on-premise7.4.0 <= 7.4.5affected
FortinetFortiSOAR on-premise7.3.0 <= 7.3.3affected
FortinetFortiSOAR PaaS7.6.0 <= 7.6.3affected
FortinetFortiSOAR PaaS7.5.0 <= 7.5.2affected
FortinetFortiSOAR PaaS7.4.0 <= 7.4.5affected
FortinetFortiSOAR PaaS7.3.0 <= 7.3.3affected

Weaknesses

  • CWE-319: Information disclosure

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References