CVE-2026-23708
6.7
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Summary
A improper authentication vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5.0 through 7.5.2 may allow an unauthenticated attacker to bypass authentication via replaying captured 2FA request. The attack requires being able to intercept and decrypt authentication traffic and precise timing to replay the request before token expiration, which raises the attack complexity.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Fortinet | FortiSOAR PaaS | 7.6.0 <= 7.6.3 | affected |
| Fortinet | FortiSOAR PaaS | 7.5.0 <= 7.5.2 | affected |
| Fortinet | FortiSOAR on-premise | 7.6.0 <= 7.6.3 | affected |
| Fortinet | FortiSOAR on-premise | 7.5.0 <= 7.5.2 | affected |
Weaknesses
- CWE-287: Escalation of privilege
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.