Impact
An authentication-based vulnerability permits a remote attacker to retrieve confidential backup data by sending specially crafted HTTP requests. The flaw exposes sensitive information but does not give the attacker any privileges beyond those granted by standard read-only maintenance access. It is an information disclosure flaw, typically classified under CWE-200, and can lead to unauthorized data exposure and potential compromise of operational secrets.
Affected Systems
The affected products are Fortinet FortiNDR, in all versions from 7.0.0 through 7.6.0 across multiple major releases, and FortiVoice 7.0.0 and 7.0.1. These devices run on the Fortinet platform and provide network detection and voice services, respectively. Any deployment of these products that has not yet been upgraded to a patched version is susceptible to the described issue.
Risk and Exploitability
The CVSS score of 5.4 indicates a moderate risk level. No EPSS score is published. Exploitation requires authenticated access with read-only permissions, so the attack surface is limited to users who hold legitimate system maintenance roles. The vulnerability is not listed in the CISA KEV catalog, which suggests that no active exploitation has been observed in the wild so far. Nonetheless, the potential impact on confidentiality warrants prompt remediation. An attacker would need to authenticate to the system and then send crafted HTTP requests to extract backup material, which could contain sensitive logs or configuration data.