PT-2026-32663 · Fortinet · Fortisoar
Michele Damico · Published 2026-04-14 · Updated 2026-05-06 · CVE-2026-21742
CVSS v2.0: 6.8 (Medium)
| Vector | AV:N/AC:L/Au:S/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
FortiSOAR PaaS versions 7.6.0 through 7.6.3
FortiSOAR PaaS versions 7.5.0 through 7.5.2
FortiSOAR PaaS versions 7.4
FortiSOAR PaaS versions 7.3
FortiSOAR on-premise versions 7.6.0 through 7.6.2
FortiSOAR on-premise versions 7.5.0 through 7.5.1
FortiSOAR on-premise versions 7.4
FortiSOAR on-premise versions 7.3
Description
A cleartext transmission of sensitive information vulnerability in the FortiSOAR graphical user interface may allow an authenticated remote attacker to view user passwords in cleartext. The passwords appear specifically in responses to Secure Message Exchange and RADIUS queries, when those are configured.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Cleartext Transmission of Sensitive Information
Weakness Enumeration
Related Identifiers
Affected Products
Fortisoar