Password Storage Vulnerability in Fortinet FortiSOAR Products
CVE-2026-22576

4.1 MEDIUM

Key Information:

Vendor: Fortinet

CVE Published: 14 April 2026

What is CVE-2026-22576?

This vulnerability in Fortinet FortiSOAR products allows authenticated remote attackers to access sensitive passwords for installed connectors by exploiting misconfigurations in server address settings. The affected versions include various releases of FortiSOAR PaaS and on-premise deployments, making it critical for users to review their configurations and update to secure versions to safeguard their credentials.

Affected Version(s)

FortiSOAR on-premise 7.6.0 <= 7.6.4

FortiSOAR on-premise 7.5.0 <= 7.5.2

FortiSOAR on-premise 7.4.0 <= 7.4.5

CVSS V3.1

Score: 4.1
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
