CVE Catalog

CVE-2026-22155

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.17%

7th percentile - higher than 7% of all known CVEs

Summary

A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR (PaaS and on-premise versions) allows an attacker to intercept sensitive data sent in plaintext. The flaw affects multiple versions from 7.3 to 7.6.

Risk Assessment

An attacker could gain access to confidential data such as passwords or API keys, potentially leading to system compromise and data breach.

Recommendation

Immediately update FortiSOAR to the latest available version that includes a fix for transmitting sensitive information in cleartext.

Original NVD description (English source)

A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow attacker to information disclosure via <insert attack vector here>

Vulnerability data from NVD (NIST) · CISA KEV · EPSS