CVE-2026-22155
Cleartext Data Exposure in Fortinet FortiSOAR
Publication date: 2026-04-14
Last updated on: 2026-05-06
Assigner: Fortinet, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| fortinet | fortisoar | From 7.6.0 (inc) to 7.6.4 (exc) |
| fortinet | fortisoar | From 7.3.0 (inc) to 7.5.3 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-319 | The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the cleartext transmission of sensitive information in various versions of Fortinet FortiSOAR PaaS and on-premise products. Because the sensitive data is sent without encryption, an attacker could potentially intercept and disclose this information.
How can this vulnerability impact me?
The impact of this vulnerability is information disclosure. An attacker who can intercept the cleartext transmissions may gain access to sensitive information, which could lead to unauthorized data exposure and potential misuse.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability involves cleartext transmission of sensitive information, which may lead to information disclosure.
Such exposure of sensitive data could potentially impact compliance with data protection regulations like GDPR and HIPAA, which require protection of sensitive information during transmission.
However, the provided information does not specify exact compliance impacts or regulatory consequences.