CVE-2026-22155
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk7th percentile - higher than 7% of all known CVEs
Summary
A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR (PaaS and on-premise versions) allows an attacker to intercept sensitive data sent in plaintext. The flaw affects multiple versions from 7.3 to 7.6.
Risk Assessment
An attacker could gain access to confidential data such as passwords or API keys, potentially leading to system compromise and data breach.
Recommendation
Immediately update FortiSOAR to the latest available version that includes a fix for transmitting sensitive information in cleartext.
Original NVD description (English source)
A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow attacker to information disclosure via <insert attack vector here>

