CVE-2026-23708

CVSS v3.1

7.5

High

AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

A improper authentication vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5.0 through 7.5.2 may allow an unauthenticated attacker to bypass authentication via replaying captured 2FA request. The attack requires being able to intercept and decrypt authentication traffic and precise timing to replay the request before token expiration, which raises the attack complexity.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2026-23708

Affected Products

Fortisoar Paas

Fortisoar On-Premise

CVE-2026-23708

Weakness Enumeration

Related Identifiers

Affected Products

References · 2