CVE-2026-22576
Recoverable Password Exposure in Fortinet FortiSOAR Connectors
Publication date: 2026-04-14
Last updated on: 2026-05-06
Assigner: Fortinet, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| fortinet | fortisoar | From 7.6.0 (inc) to 7.6.5 (exc) |
| fortinet | fortisoar | From 7.3.0 (inc) to 7.5.3 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-257 | The storage of passwords in a recoverable format makes them subject to password reuse attacks by malicious users. In fact, it should be noted that recoverable encrypted passwords provide no significant benefit over plaintext passwords since they are subject not only to reuse by malicious attackers but also by malicious insiders. If a system administrator can recover a password directly, or use a brute force search on the available information, the administrator can use the password on other accounts. |
| CWE-522 | The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Fortinet FortiSOAR PaaS and on-premise versions ranging from 7.3 to 7.6.4. It involves storing passwords in a recoverable format, which means that an authenticated remote attacker can potentially retrieve passwords for multiple installed connectors. This can be done by modifying the server address in the connector configuration.
How can this vulnerability impact me? :
The vulnerability allows an authenticated remote attacker to obtain passwords for multiple connectors by manipulating the server address configuration. This could lead to unauthorized access to systems or services that use these connectors, potentially compromising sensitive data or disrupting operations.