Fortinet Fortisoaron Premise

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Fortinet Fortisoaron Premise.

By the Year

In 2026 there have been 8 vulnerabilities in Fortinet Fortisoaron Premise with an average score of 5.2 out of ten. Last year, in 2025 Fortisoaron Premise had 4 security vulnerabilities published. That is, 4 more vulnerabilities have already been reported in 2026 as compared to last year. Last year, the average CVE base score was greater by 0.70

Year	Vulnerabilities	Average Score
2026	8	5.15
2025	4	5.85

It may take a day or so for new Fortisoaron Premise vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Fortinet Fortisoaron Premise Security Vulnerabilities

Path traversal via File Content Extract in FortiSOAR PaaS <7.7
CVE-2026-22573 6.2 - Medium - April 14, 2026

An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5 all versions, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5 all versions, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to perform path traversal attack via File Content Extraction actions.

Directory traversal

Improper Auth. in FortiSOAR 7.57.6.3 via 2FA Replay
CVE-2026-23708 6.7 - Medium - April 14, 2026

A improper authentication vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5.0 through 7.5.2 may allow an unauthenticated attacker to bypass authentication via replaying captured 2FA request. The attack requires being able to intercept and decrypt authentication traffic and precise timing to replay the request before token expiration, which raises the attack complexity.

authentification

FortiSOAR 7.x SSRF (CWE-918) Before 7.6.4 Allowed Auth Attacker
CVE-2025-59809 4.1 - Medium - April 14, 2026

A server-side request forgery (ssrf) vulnerability [CWE-918] vulnerability in Fortinet FortiSOAR PaaS 7.6.4, FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.4, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated attacker to discover services running on local ports via crafted requests.

SSRF

FortiSOAR 7.3-7.6.3 Cleartxt Sensitive Data Exposure
CVE-2026-22155 6.2 - Medium - April 14, 2026

A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow attacker to information disclosure via <insert attack vector here>

Cleartext Transmission of Sensitive Information

Cleartext Password Exposure in FortiSOAR 7.47.6.3 PaaS/OnPrem
CVE-2026-21742 5.4 - Medium - April 14, 2026

A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated attacker to view cleartext password in response for Secure Message Exchange and Radius queries, if configured

Cleartext Transmission of Sensitive Information

FortiSOAR 7.4-7.6.4 LDAP: Authenticated Password Disclosure
CVE-2026-22574 4.1 - Medium - April 14, 2026

A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.4, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to retrieve Service account password via server address modification in LDAP configuration.

Storing Passwords in a Recoverable Format

FortiSOAR PaaS/On-Prem XSS in Web UI <=7.6.3 via Malformed Input
CVE-2026-22154 4.4 - Medium - April 14, 2026

An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to perform a stored cross site scripting (XSS) attack via crafted HTTP Requests.

XSS

Recoverable Passwords in Fortinet FortiSOAR PaaS & On-Prem 7.3-7.6.4
CVE-2026-22576 4.1 - Medium - April 14, 2026

A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.4, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to retrieve passwords for multiple installed connectors via server address modification in connector configuration.

Storing Passwords in a Recoverable Format

FortiSOAR PaaS 7.3-7.6.2 Password Reset without Auth
CVE-2025-59808 6.5 - Medium - December 09, 2025

An unverified password change vulnerability [CWE-620] vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.1, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an attacker who has already gained access to a victim's user account to reset the account credentials without being prompted for the account's password

Unverified Password Change

FortiSOAR PaaS/On-Prem IAC (Info Disclosure) 7.3-7.6
CVE-2025-59810 6.2 - Medium - December 09, 2025

An improper access control vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.1, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow information disclosure to an authenticated attacker via crafted requests

Authorization

FortiSOAR OS Command Injection (Pre-7.6.0, 7.5.1, 7.4, 7.3)
CVE-2024-48891 6.6 - Medium - October 14, 2025

An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiSOAR 7.6.0 through 7.6.1, 7.5.0 through 7.5.1, 7.4 all versions, 7.3 all versions may allow an attacker who has already obtained a non-login low privileged shell access (via another hypothetical vulnerability) to perform a local privilege escalation via crafted commands.

Shell injection

Fortinet FortiManager/<others> <=7.4.3 Cache Poison via External Host Header
CVE-2022-23439 4.1 - Medium - January 22, 2025

A externally controlled reference to a resource in another sphere vulnerability in Fortinet allows attacker to poison web caches via crafted HTTP requests, where the `Host` header points to an arbitrary webserver

Externally Controlled Reference to a Resource in Another Sphere

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Fortinet Fortisoaron Premise or by Fortinet? Click the Watch button to subscribe.

Fortinet
Vendor

Fortinet Fortisoaron Premise
Product

Fortinet Fortisoaron Premise

Don't miss out!

By the Year

Recent Fortinet Fortisoaron Premise Security Vulnerabilities

Path traversal via File Content Extract in FortiSOAR PaaS <7.7 CVE-2026-22573 6.2 - Medium - April 14, 2026

Improper Auth. in FortiSOAR 7.57.6.3 via 2FA Replay CVE-2026-23708 6.7 - Medium - April 14, 2026

FortiSOAR 7.x SSRF (CWE-918) Before 7.6.4 Allowed Auth Attacker CVE-2025-59809 4.1 - Medium - April 14, 2026

FortiSOAR 7.3-7.6.3 Cleartxt Sensitive Data Exposure CVE-2026-22155 6.2 - Medium - April 14, 2026

Cleartext Password Exposure in FortiSOAR 7.47.6.3 PaaS/OnPrem CVE-2026-21742 5.4 - Medium - April 14, 2026

FortiSOAR 7.4-7.6.4 LDAP: Authenticated Password Disclosure CVE-2026-22574 4.1 - Medium - April 14, 2026

FortiSOAR PaaS/On-Prem XSS in Web UI <=7.6.3 via Malformed Input CVE-2026-22154 4.4 - Medium - April 14, 2026

Recoverable Passwords in Fortinet FortiSOAR PaaS & On-Prem 7.3-7.6.4 CVE-2026-22576 4.1 - Medium - April 14, 2026

FortiSOAR PaaS 7.3-7.6.2 Password Reset without Auth CVE-2025-59808 6.5 - Medium - December 09, 2025

FortiSOAR PaaS/On-Prem IAC (Info Disclosure) 7.3-7.6 CVE-2025-59810 6.2 - Medium - December 09, 2025

FortiSOAR OS Command Injection (Pre-7.6.0, 7.5.1, 7.4, 7.3) CVE-2024-48891 6.6 - Medium - October 14, 2025

Fortinet FortiManager/<others> <=7.4.3 Cache Poison via External Host Header CVE-2022-23439 4.1 - Medium - January 22, 2025