Vulnerability Details CVE-2026-21742
A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated attacker to view cleartext password in response for Secure Message Exchange and Radius queries, if configured
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 4.4%
CVSS Severity
CVSS v3 Score 5.7
Products affected by CVE-2026-21742
-
cpe:2.3:a:fortinet:fortisoar:7.3.0
-
cpe:2.3:a:fortinet:fortisoar:7.3.1
-
cpe:2.3:a:fortinet:fortisoar:7.3.2
-
cpe:2.3:a:fortinet:fortisoar:7.3.3
-
cpe:2.3:a:fortinet:fortisoar:7.4.0
-
cpe:2.3:a:fortinet:fortisoar:7.4.1
-
cpe:2.3:a:fortinet:fortisoar:7.4.2
-
cpe:2.3:a:fortinet:fortisoar:7.4.3
-
cpe:2.3:a:fortinet:fortisoar:7.4.4
-
cpe:2.3:a:fortinet:fortisoar:7.4.5
-
cpe:2.3:a:fortinet:fortisoar:7.5.0
-
cpe:2.3:a:fortinet:fortisoar:7.5.1
-
cpe:2.3:a:fortinet:fortisoar:7.5.2
-
cpe:2.3:a:fortinet:fortisoar:7.6.0
-
cpe:2.3:a:fortinet:fortisoar:7.6.1
-
cpe:2.3:a:fortinet:fortisoar:7.6.2
-
cpe:2.3:a:fortinet:fortisoar:7.6.3