FortiNDR and FortiVoice: Sensitive Info Leaked via Malformed HTTP Requests

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

5.4

FortiNDR and FortiVoice: Sensitive Info Leaked via Malformed HTTP Requests

CVE-2024-23104

Summary

Fortinet's FortiNDR and FortiVoice software has a security flaw that could allow an authorized but unauthorized actor to access sensitive backup information by sending specially crafted HTTP requests. This could potentially expose confidential data to unauthorized parties. To protect your system, update to the latest version of FortiNDR and FortiVoice as soon as possible.

Original title

Original description

An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.8, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiVoice 7.0.0 through 7.0.1 may allow a remote authenticated attacker with at least read-only permission on system maintenance to access backup information via crafted HTTP requests

nvd CVSS3.1 5.4

Vulnerability type

CWE-200 Information Exposure

https://fortiguard.fortinet.com/psirt/FG-IR-26-124

Published: 14 Apr 2026 · Updated: 15 Apr 2026 · First seen: 14 Apr 2026