Main Vulnerability Database Vulnerabilities #VU126111

Cleartext transmission of sensitive information in FortiSOAR - CVE-2026-21742

Published: April 15, 2026

Vulnerability identifier: #VU126111

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2026-21742

CWE-ID: CWE-319

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Fortinet, Inc

Affected software:
FortiSOAR

Detailed vulnerability description

The vulnerability allows a remote authenticated user to gain access to sensitive information.

The vulnerability exists due to cleartext transmission of sensitive information in response for API endpoints. An authenticated attacker can view cleartext password in response for Secure Message Exchange and Radius queries, if configured.

How to mitigate CVE-2026-21742

Install update from vendor's website.

Sources

https://www.fortiguard.com/psirt/FG-IR-26-106

Cleartext transmission of sensitive information in FortiSOAR - CVE-2026-21742

Detailed vulnerability description

How to mitigate CVE-2026-21742

Sources

Please verify you're human