Cleartext Transmission Vulnerability in Fortinet FortiSOAR Products
CVE-2026-21742

5.4 MEDIUM

Key Information:

Vendor: Fortinet
CVE Published: 14 April 2026

What is CVE-2026-21742?

A cleartext transmission vulnerability in Fortinet's FortiSOAR products potentially allows an authenticated attacker to access sensitive data, including passwords. The exposure occurs specifically during Secure Message Exchange and RADIUS queries when improperly configured, which can lead to unauthorized access to authentication credentials.

Affected Version(s)

  • FortiSOAR on-premise 7.6.0 through 7.6.2

  • FortiSOAR on-premise 7.5.0 through 7.5.1

  • FortiSOAR on-premise 7.4.0 through 7.4.5

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
