Description
An improper authentication vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR on-premise 7.6.0 through 7.6.3, and FortiSOAR on-premise 7.5.0 through 7.5.2 may allow an unauthenticated attacker to bypass authentication by replaying a captured 2FA request. The attack requires the ability to intercept and decrypt authentication traffic, and precise timing to replay the request before the token expires, which raises the attack complexity.
Published: 2026-04-14
Score: 6.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An improper authentication flaw allows an attacker who has captured a two‑factor authentication request to replay it and bypass authentication. This flaw enables unauthenticated access to FortiSOAR services, potentially granting full control without the need to guess credentials or exploit other vulnerabilities. The weakness is classified as CWE‑287 (Improper Authentication) and CWE‑862 (Missing Authorization), reflecting improper validation of authentication state.

Affected Systems

Fortinet FortiSOAR PaaS versions 7.5.0 through 7.5.2 and 7.6.0 through 7.6.3, as well as FortiSOAR on‑premise versions 7.5.0 through 7.5.2 and 7.6.0 through 7.6.3 are affected. Users running any of these versions are at risk if no updates have been applied.

Risk and Exploitability

The CVSS base score of 6.7 reflects moderate severity. The attack requires the adversary to intercept, decrypt, and precisely time the replay of authentication traffic before the two‑factor token expires, raising attack complexity. The EPSS score of 0.00066 indicates a very low probability of exploitation, and the vulnerability is not listed in the CISA KEV catalog, so the overall risk is moderate pending remediation.

Generated by OpenCVE AI on May 6, 2026 at 17:56 UTC.

Remediation

Vendor Solution

Upgrade to FortiSOAR PaaS version 7.6.4 or above
Upgrade to upcoming FortiSOAR PaaS version 7.5.3 or above
Upgrade to FortiSOAR on-premise version 7.6.4 or above
Upgrade to upcoming FortiSOAR on-premise version 7.5.3 or above


OpenCVE Recommended Actions

  • Upgrade FortiSOAR PaaS to version 7.6.4 or newer
  • Upgrade to upcoming FortiSOAR PaaS version 7.5.3 or newer
  • Upgrade FortiSOAR on‑premise to version 7.6.4 or newer
  • Upgrade to upcoming FortiSOAR on‑premise version 7.5.3 or newer

Generated by OpenCVE AI on May 6, 2026 at 17:56 UTC.

Advisories

No advisories yet.

History

Wed, 06 May 2026 18:15:00 +0000

Type Values Removed Values Added
Title Replay of 2FA Request Enables Authentication Bypass in FortiSOAR

Wed, 06 May 2026 16:00:00 +0000

Type Values Removed Values Added
First Time appeared Fortinet fortisoar
Weaknesses CWE-862
CPEs cpe:2.3:a:fortinet:fortisoar:*:*:*:*:*:*:*:*
Vendors & Products Fortinet fortisoar

Wed, 15 Apr 2026 15:45:00 +0000

Type Values Removed Values Added
Title Replay of 2FA Request Enables Authentication Bypass in FortiSOAR

Tue, 14 Apr 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 14 Apr 2026 16:00:00 +0000

Type Values Removed Values Added
Description A improper authentication vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5.0 through 7.5.2 may allow an unauthenticated attacker to bypass authentication via replaying captured 2FA request. The attack requires being able to intercept and decrypt authentication traffic and precise timing to replay the request before token expiration, which raises the attack complexity.
First Time appeared Fortinet
Fortinet fortisoaron-premise
Fortinet fortisoarpaas
Weaknesses CWE-287
CPEs cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisoaron-premise:7.5.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisoaron-premise:7.6.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisoarpaas:7.5.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisoarpaas:7.6.3:*:*:*:*:*:*:*
Vendors & Products Fortinet
Fortinet fortisoaron-premise
Fortinet fortisoarpaas
References
Metrics cvssV3_1

{'score': 6.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C'}

MITRE

Status: PUBLISHED

Assigner: fortinet

Published:

Updated: 2026-04-15T03:58:22.574Z

Reserved: 2026-01-15T13:00:41.463Z

Link: CVE-2026-23708

Vulnrichment

Updated: 2026-04-14T16:37:16.911Z

NVD

Status: Analyzed

Published: 2026-04-14T16:16:37.277

Modified: 2026-05-06T15:48:38.383

Link: CVE-2026-23708

Red Hat

No data.

OpenCVE Enrichment

Updated: 2026-05-06T18:00:12Z

Weaknesses