216.73.216.170

CVE-2026-23708

· Published 14/04/2026 16:16 · Modified 14/04/2026 16:16

Labels: CVE-2026-23708 2026-04-14CVE-2026-23708CWE-287[email protected]

Essential information

Published
14/04/2026 16:16
Modified
14/04/2026 16:16
Author
Creator
CVSS
7.5 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS metrics

Description

A improper authentication vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5.0 through 7.5.2 may allow an unauthenticated attacker to bypass authentication via replaying captured 2FA request. The attack requires being able to intercept and decrypt authentication traffic and precise timing to replay the request before token expiration, which raises the attack complexity.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
fortinet / fortisoar paas cpe:2.3:a:fortinet:fortisoar_paas:7.6.0-7.6.3:*:*:*:*:*:*:*
fortinet / fortisoar paas cpe:2.3:a:fortinet:fortisoar_paas:7.5.0-7.5.2:*:*:*:*:*:*:*
fortinet / fortisoar on-premise cpe:2.3:a:fortinet:fortisoar_on-premise:7.6.0-7.6.3:*:*:*:*:*:*:*
fortinet / fortisoar on-premise cpe:2.3:a:fortinet:fortisoar_on-premise:7.5.0-7.5.2:*:*:*:*:*:*:*

References