Cleartext Transmission Vulnerability in Fortinet FortiSOAR Products
CVE-2026-22155

6.2MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortisoar On-premise; Fortisoar Paas
Vendor: CVE Published:; 14 April 2026

What is CVE-2026-22155?

A vulnerability in Fortinet's FortiSOAR products allows for the cleartext transmission of sensitive information between clients and servers. This issue can potentially expose critical data to unauthorized entities if intercepted as data travels over the network. The affected versions include multiple iterations of FortiSOAR PaaS and on-premise deployments, requiring immediate attention to mitigate risks associated with data exposure.

Affected Version(s)

FortiSOAR on-premise 7.6.0 <= 7.6.2

FortiSOAR on-premise 7.5.0 <= 7.5.1

FortiSOAR on-premise 7.4.0 <= 7.4.5

References

https://fortiguard.fortinet.com/psirt/FG-IR-26-106

CVSS V3.1

Score:

6.2

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 14, 2026
Vulnerability Reserved
Jan 6, 2026

CVE-2026-22155 Data

JSON