SB2026041514 - Multiple vulnerabilities in FortiSOAR
Published: April 15, 2026
Description
This security bulletin contains information about 2 vulnerabilities.
1) Cleartext transmission of sensitive information (CVE-ID: CVE-2026-22155)
CWE-ID: CWE-319 - Cleartext Transmission of Sensitive Information
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote authenticated user to gain access to sensitive information.
The vulnerability exists due to cleartext transmission of sensitive information in API endpoint responses. An authenticated attacker can view the cleartext password in responses to Secure Message Exchange and RADIUS queries, if configured.
2) Cleartext transmission of sensitive information (CVE-ID: CVE-2026-21742)
CWE-ID: CWE-319 - Cleartext Transmission of Sensitive Information
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote authenticated user to gain access to sensitive information.
The vulnerability exists due to cleartext transmission of sensitive information in API endpoint responses. An authenticated attacker can view the cleartext password in responses to Secure Message Exchange and RADIUS queries, if configured.
Remediation
Install the update from the vendor's website.