#VU126119 Improper Authentication in FortiSOAR - CVE-2026-23708

 

Published: April 15, 2026


Vulnerability identifier: #VU126119
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-23708
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
FortiSOAR
Software vendor:
Fortinet, Inc

Description

The vulnerability allows a remote non-authenticated attacker to compromise the affected system.

The vulnerability exists due to improper authentication. An unauthenticated attacker can bypass authentication by replaying a captured 2FA request. The attack requires the ability to intercept and decrypt authentication traffic, and precise timing to replay the request before the token expires.


Remediation

Install the update from the vendor's website.

External links