Vulnerability Details CVE-2026-22573
An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5 all versions, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5 all versions, FortiSOAR on-premise 7.4 all versions, and FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to perform a path traversal attack via File Content Extraction actions.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 21.1%
CVSS Severity
CVSS v3 Score 6.5
Products affected by CVE-2026-22573
- cpe:2.3:a:fortinet:fortisoar:7.3.0
- cpe:2.3:a:fortinet:fortisoar:7.3.1
- cpe:2.3:a:fortinet:fortisoar:7.3.2
- cpe:2.3:a:fortinet:fortisoar:7.3.3
- cpe:2.3:a:fortinet:fortisoar:7.4.0
- cpe:2.3:a:fortinet:fortisoar:7.4.1
- cpe:2.3:a:fortinet:fortisoar:7.4.2
- cpe:2.3:a:fortinet:fortisoar:7.4.3
- cpe:2.3:a:fortinet:fortisoar:7.4.4
- cpe:2.3:a:fortinet:fortisoar:7.4.5
- cpe:2.3:a:fortinet:fortisoar:7.5.0
- cpe:2.3:a:fortinet:fortisoar:7.5.1
- cpe:2.3:a:fortinet:fortisoar:7.5.2
- cpe:2.3:a:fortinet:fortisoar:7.5.3
- cpe:2.3:a:fortinet:fortisoar:7.6.0
- cpe:2.3:a:fortinet:fortisoar:7.6.1
- cpe:2.3:a:fortinet:fortisoar:7.6.2
- cpe:2.3:a:fortinet:fortisoar:7.6.3