Vulnerability Details CVE-2026-22576
A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.4, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to retrieve passwords for multiple installed connectors via server address modification in connector configuration.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 16.1%
CVSS Severity
CVSS v3 Score 4.3
Products affected by CVE-2026-22576
-
cpe:2.3:a:fortinet:fortisoar:7.3.0
-
cpe:2.3:a:fortinet:fortisoar:7.3.1
-
cpe:2.3:a:fortinet:fortisoar:7.3.2
-
cpe:2.3:a:fortinet:fortisoar:7.3.3
-
cpe:2.3:a:fortinet:fortisoar:7.4.0
-
cpe:2.3:a:fortinet:fortisoar:7.4.1
-
cpe:2.3:a:fortinet:fortisoar:7.4.2
-
cpe:2.3:a:fortinet:fortisoar:7.4.3
-
cpe:2.3:a:fortinet:fortisoar:7.4.4
-
cpe:2.3:a:fortinet:fortisoar:7.4.5
-
cpe:2.3:a:fortinet:fortisoar:7.5.0
-
cpe:2.3:a:fortinet:fortisoar:7.5.1
-
cpe:2.3:a:fortinet:fortisoar:7.5.2
-
cpe:2.3:a:fortinet:fortisoar:7.6.0
-
cpe:2.3:a:fortinet:fortisoar:7.6.1
-
cpe:2.3:a:fortinet:fortisoar:7.6.2
-
cpe:2.3:a:fortinet:fortisoar:7.6.3
-
cpe:2.3:a:fortinet:fortisoar:7.6.4