FortiSOAR PaaS and On-Premise Leaks Sensitive Info in Transit

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

6.5

FortiSOAR PaaS and On-Premise Leaks Sensitive Info in Transit

CVE-2026-22155

Summary

FortiSOAR software versions 7.6.0 through 7.6.3, 7.5.0 through 7.5.2, and 7.4, as well as on-premise versions 7.6.0 through 7.6.2 and 7.5.0 through 7.5.1, may allow attackers to intercept and read sensitive information being transmitted between the software and users. This could potentially expose confidential data. Update your software to the latest version to fix this issue.

Original title

Original description

A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow attacker to information disclosure via <insert attack vector here>

nvd CVSS3.1 6.5

Vulnerability type

CWE-319 Cleartext Transmission of Sensitive Information

https://fortiguard.fortinet.com/psirt/FG-IR-26-106

Published: 14 Apr 2026 · Updated: 15 Apr 2026 · First seen: 14 Apr 2026