Main Vulnerability Database Vulnerabilities #VU126110

#VU126110 Cleartext transmission of sensitive information in FortiSOAR - CVE-2026-22155

Published: April 15, 2026

Vulnerability identifier: #VU126110

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2026-22155

CWE-ID: CWE-319

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
FortiSOAR

Software vendor:
Fortinet, Inc

Description

The vulnerability allows a remote authenticated user to gain access to sensitive information.

The vulnerability exists due to cleartext transmission of sensitive information in response for API endpoints. An authenticated attacker can view cleartext password in response for Secure Message Exchange and Radius queries, if configured.

Remediation

Install update from vendor's website.

External links

https://www.fortiguard.com/psirt/FG-IR-26-106

#VU126110 Cleartext transmission of sensitive information in FortiSOAR - CVE-2026-22155

Description

Remediation

External links

Please verify you're human