CVE-2026-23708_CVE-2026-23708

6.7 / 10

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Description

A improper authentication vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5.0 through 7.5.2 may allow an unauthenticated attacker to bypass authentication via replaying captured 2FA request. The attack requires being able to intercept and decrypt authentication traffic and precise timing to replay the request before token expiration, which raises the attack complexity.

Basic Information

ID CVE-2026-23708

Source fortinet

Published Apr 14, 2026 at 15:38

Affected Product

Vendor Fortinet

Product FortiSOAR PaaS

Version 7.6.0

Affected Versions Fortinet FortiSOAR PaaS 7.6.0
Fortinet FortiSOAR PaaS 7.5.0
Fortinet FortiSOAR on-premise 7.6.0
Fortinet FortiSOAR on-premise 7.5.0

CWE Classification

CWE-287

References

fortiguard.fortinet.com /psirt/FG-IR-26-101

{
    "lastseen": "",
    "description": "A improper authentication vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5.0 through 7.5.2 may allow an unauthenticated attacker to bypass authentication via replaying captured 2FA request. The attack requires being able to intercept and decrypt authentication traffic and precise timing to replay the request before token expiration, which raises the attack complexity.",
    "published": "2026-04-14T15:38:18.327Z",
    "modified": "2026-04-14T15:38:18.327Z",
    "type": "cve",
    "title": "CVE-2026-23708",
    "source": "fortinet",
    "references": "https://fortiguard.fortinet.com/psirt/FG-IR-26-101",
    "id": "CVE-2026-23708",
    "bulletinFamily": "",
    "cwe": [
        "CWE-287"
    ],
    "cvelist": null,
    "sourceData": "Fortinet FortiSOAR PaaS 7.6.0\nFortinet FortiSOAR PaaS 7.5.0\nFortinet FortiSOAR on-premise 7.6.0\nFortinet FortiSOAR on-premise 7.5.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.7,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "FortiSOAR PaaS",
    "version": "7.6.0",
    "vendor": "Fortinet",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}