Main Vulnerability Database Vulnerabilities #VU126111

#VU126111 Cleartext transmission of sensitive information in FortiSOAR - CVE-2026-21742

Published: April 15, 2026

Vulnerability identifier: #VU126111

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2026-21742

CWE-ID: CWE-319

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
FortiSOAR

Software vendor:
Fortinet, Inc

Description

The vulnerability allows a remote authenticated user to gain access to sensitive information.

The vulnerability exists due to cleartext transmission of sensitive information in response for API endpoints. An authenticated attacker can view cleartext password in response for Secure Message Exchange and Radius queries, if configured.

Remediation

Install update from vendor's website.

External links

https://www.fortiguard.com/psirt/FG-IR-26-106

#VU126111 Cleartext transmission of sensitive information in FortiSOAR - CVE-2026-21742

Description

Remediation

External links

Please verify you're human