Description
An improper authentication vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR on-premise 7.6.0 through 7.6.3, and FortiSOAR on-premise 7.5.0 through 7.5.2 may allow an unauthenticated attacker to bypass authentication by replaying a captured 2FA request. The attack requires being able to intercept and decrypt authentication traffic, and precise timing to replay the request before the token expires, which raises the attack complexity.
Published: 2026-04-14
Score: 6.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Authentication Bypass via 2FA Replay
Action: Apply Patch
AI Analysis

Impact

An improper authentication flaw allows an attacker who has captured a two-factor authentication request to replay it and bypass authentication. This yields unauthenticated access to FortiSOAR services, potentially full control, without needing to guess credentials or chain other vulnerabilities. The weakness is classified as CWE-287 (Improper Authentication).

Affected Systems

Fortinet FortiSOAR PaaS versions 7.5.0 through 7.5.2 and 7.6.0 through 7.6.3, as well as FortiSOAR on‑premise versions 7.5.0 through 7.5.2 and 7.6.0 through 7.6.3 are affected. Users running any of these versions are at risk if no updates have been applied.

Risk and Exploitability

The CVSS base score of 6.7 reflects moderate severity. The attack requires the adversary to intercept and decrypt authentication traffic and to time the replay precisely, before the two-factor token expires, which raises the attack complexity. No EPSS data is available and the vulnerability is not listed in the CISA KEV catalog, so the overall risk is moderate pending remediation.
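The replay window the advisory describes exists when a 2FA verification step checks only that a request is authentic and unexpired. As an added illustration (not FortiSOAR code; the request format, TTL and key are constructed for the demo), the verifier below accepts a captured request again inside its validity window, while the hardened variant consumes each request nonce once:

```python
import hashlib
import hmac

# Constructed demo: a 2FA verification request carries the user, a one-time
# nonce, an issue timestamp and a MAC over those fields. The expiry-only
# verifier accepts a valid, unexpired request every time it is presented,
# which is the replay pattern the advisory describes. The hardened verifier
# adds a record of consumed nonces so a replay is rejected.
SECRET = b"constructed-demo-key"  # placeholder key for the example only
TOKEN_TTL = 30  # seconds a 2FA request stays valid (assumed value)


def sign_request(user, nonce, issued_at):
    msg = f"{user}|{nonce}|{issued_at}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def make_request(user, nonce, issued_at):
    return {"user": user, "nonce": nonce, "issued_at": issued_at,
            "mac": sign_request(user, nonce, issued_at)}


def verify_expiry_only(req, now):
    """Vulnerable pattern: valid MAC and not expired is enough, every time."""
    expected = sign_request(req["user"], req["nonce"], req["issued_at"])
    if not hmac.compare_digest(expected, req["mac"]):
        return False
    return 0 <= now - req["issued_at"] <= TOKEN_TTL


class SingleUseVerifier:
    """Hardened pattern: same checks, plus each nonce may be consumed once."""

    def __init__(self):
        self._used = {}  # nonce -> issued_at; pruned once expired

    def verify(self, req, now):
        if not verify_expiry_only(req, now):
            return False
        # Expired nonces can no longer be replayed, so forget them.
        self._used = {n: t for n, t in self._used.items() if now - t <= TOKEN_TTL}
        if req["nonce"] in self._used:
            return False  # replay: this request was already consumed
        self._used[req["nonce"]] = req["issued_at"]
        return True


def demo():
    req = make_request("alice", "nonce-1", issued_at=1000)
    hardened = SingleUseVerifier()
    return {
        "expiry_only_first": verify_expiry_only(req, now=1005),
        "expiry_only_replay": verify_expiry_only(req, now=1010),  # accepted
        "single_use_first": hardened.verify(req, now=1005),
        "single_use_replay": hardened.verify(req, now=1010),  # rejected
        "single_use_after_expiry": hardened.verify(req, now=1040),  # rejected
    }
```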

Generated by OpenCVE AI on April 14, 2026 at 18:12 UTC.

Remediation

Vendor Solution

  • Upgrade to FortiSOAR PaaS version 7.6.4 or above
  • Upgrade to upcoming FortiSOAR PaaS version 7.5.3 or above
  • Upgrade to FortiSOAR on-premise version 7.6.4 or above
  • Upgrade to upcoming FortiSOAR on-premise version 7.5.3 or above


OpenCVE Recommended Actions

  • Upgrade FortiSOAR PaaS to version 7.6.4 or newer
  • Upgrade to upcoming FortiSOAR PaaS version 7.5.3 or newer
  • Upgrade FortiSOAR on‑premise to version 7.6.4 or newer
  • Upgrade to upcoming FortiSOAR on‑premise version 7.5.3 or newer


Tracking


Advisories

No advisories yet.

History

Wed, 15 Apr 2026 15:45:00 +0000

Type Values Removed Values Added
Title Replay of 2FA Request Enables Authentication Bypass in FortiSOAR

Tue, 14 Apr 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 14 Apr 2026 16:00:00 +0000

Type Values Removed Values Added
Description A improper authentication vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5.0 through 7.5.2 may allow an unauthenticated attacker to bypass authentication via replaying captured 2FA request. The attack requires being able to intercept and decrypt authentication traffic and precise timing to replay the request before token expiration, which raises the attack complexity.
First Time appeared Fortinet
Fortinet fortisoaron-premise
Fortinet fortisoarpaas
Weaknesses CWE-287
CPEs cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisoaron-premise:7.5.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisoaron-premise:7.6.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisoarpaas:7.5.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisoarpaas:7.6.3:*:*:*:*:*:*:*
Vendors & Products Fortinet
Fortinet fortisoaron-premise
Fortinet fortisoarpaas
References
Metrics cvssV3_1

{'score': 6.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C'}


MITRE

Status: PUBLISHED

Assigner: fortinet

Published:

Updated: 2026-04-15T03:58:22.574Z

Reserved: 2026-01-15T13:00:41.463Z

Link: CVE-2026-23708

Vulnrichment

Updated: 2026-04-14T16:37:16.911Z

NVD

Status: Received

Published: 2026-04-14T16:16:37.277

Modified: 2026-04-14T16:16:37.277

Link: CVE-2026-23708

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-15T15:30:06Z

Weaknesses