Path Traversal Vulnerability in Fortinet FortiSOAR Products
CVE-2026-22573

6.2 MEDIUM

Key Information:

Vendor: Fortinet

CVE Published: 14 April 2026

What is CVE-2026-22573?

A path traversal vulnerability in Fortinet FortiSOAR allows an authenticated remote attacker to reach files and directories outside the intended location. By using File Content Extraction actions, an attacker may gain unauthorized access to restricted files and directories. The flaw affects multiple versions of FortiSOAR, including both PaaS and on-premise deployments, potentially compromising system integrity and sensitive data. Users should update affected products promptly to mitigate this risk.

Affected Version(s)

FortiSOAR on-premise 7.6.0 through 7.6.3

FortiSOAR on-premise 7.5.0 through 7.5.3

FortiSOAR on-premise 7.4.0 through 7.4.5

CVSS V3.1

Score: 6.2
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
