FortiSOAR PaaS/On-Prem XSS in Web UI <=7.6.3 via Malformed Input
CVE-2026-22154 Published on April 14, 2026
An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to perform a stored cross site scripting (XSS) attack via crafted HTTP Requests.
Vulnerability Analysis
CVE-2026-22154 is exploitable with network access, requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.
Weakness Type
What is a XSS Vulnerability?
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CVE-2026-22154 has been classified to as a XSS vulnerability or weakness.
Products Associated with CVE-2026-22154
stack.watch emails you whenever new vulnerabilities are published in Fortinet Fortisoarpaas or Fortinet Fortisoaron Premise. Just hit a watch button to start following.
Affected Versions
Fortinet FortiSOAR PaaS:- Version 7.6.0, <= 7.6.3 is affected.
- Version 7.5.0, <= 7.5.2 is affected.
- Version 7.4.0, <= 7.4.5 is affected.
- Version 7.3.0, <= 7.3.3 is affected.
- Version 7.6.0, <= 7.6.3 is affected.
- Version 7.5.0, <= 7.5.2 is affected.
- Version 7.4.0, <= 7.4.5 is affected.
- Version 7.3.0, <= 7.3.3 is affected.