Fortinet FortiSOAR
22 CVEs affecting Fortinet FortiSOAR. Latest disclosed: 2026-04-14. Critical: 0, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-47572 | High | 8.3 | 2025-01-14 | An improper neutralization of formula elements in a CSV file in Fortinet FortiSOAR 7.2.1 through 7.4.1 allows an attacker to execute unauthorized code or commands… |
| CVE-2024-21760 | High | 7.7 | 2025-03-18 | An improper control of generation of code ('Code Injection') vulnerability [CWE-94] in FortiSOAR Connector FortiSOAR 7.4 all versions, 7.3 all versions, 7.2 al… |
| CVE-2026-23708 | High | 7.5 | 2026-04-14 | An improper authentication vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR on-premise 7.6.0 through… |
| CVE-2023-25605 | High | 7.5 | 2023-03-07 | An improper access control vulnerability in Fortinet FortiSOAR 7.3.0 - 7.3.1 allows an attacker authenticated on the administrative interface to perform unautho… |
| CVE-2023-27995 | High | 7.2 | 2023-04-11 | An improper neutralization of special elements used in a template engine vulnerability in Fortinet FortiSOAR 7.3.0 through 7.3.1 allows an authenticated, remote… |
| CVE-2024-45327 | High | 7.1 | 2024-09-11 | An improper authorization vulnerability [CWE-285] in FortiSOAR version 7.4.0 through 7.4.3, 7.3.0 through 7.3.2, 7.2.0 through 7.2.2, 7.0.0 through 7.0.3 chang… |
| CVE-2026-22573 | Medium | 6.5 | 2026-04-14 | An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS… |
| CVE-2026-22155 | Medium | 6.5 | 2026-04-14 | A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR P… |
| CVE-2024-48892 | Medium | 6.4 | 2025-08-12 | A relative path traversal vulnerability [CWE-23] in FortiSOAR 7.6.0, 7.5.0 through 7.5.1, 7.4 all versions, 7.3 all versions may allow an authenticated attacke… |
| CVE-2024-48893 | Medium | 6.4 | 2025-01-14 | An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiSOAR 7.3.0 through 7.3.3, 7.2.1 through 7.2.2 may allow an authen… |
| CVE-2023-26211 | Medium | 6.4 | 2024-08-13 | An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSOAR 7.3.0 through 7.3.2 allows an authenticated, remo… |
| CVE-2024-48890 | Medium | 6.3 | 2025-01-14 | An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiSOAR IMAP connector version 3.5.7… |
| CVE-2025-32932 | Medium | 6.2 | 2025-08-12 | An improper neutralization of input during web page generation ('cross-site scripting') vulnerability [CWE-79] in FortiSOAR version 7.6.1 and below, version 7… |
| CVE-2024-31493 | Medium | 6.0 | 2024-06-03 | An improper removal of sensitive information before storage or transfer vulnerability [CWE-212] in FortiSOAR version 7.3.0, version 7.2.2 and below, version 7… |
| CVE-2023-23775 | Medium | 5.9 | 2024-06-11 | Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerabilities [CWE-89] in FortiSOAR 7.2.0 and before 7.0.3 may al… |
| CVE-2026-21742 | Medium | 5.7 | 2026-04-14 | A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR P… |
| CVE-2024-36510 | Medium | 4.9 | 2025-01-14 | An observable response discrepancy vulnerability [CWE-204] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, and FortiSOAR 7.5.0, 7.4.0 through 7… |
| CVE-2026-22154 | Medium | 4.6 | 2026-04-14 | An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR… |
| CVE-2026-22576 | Medium | 4.3 | 2026-04-14 | A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7… |
| CVE-2025-59809 | Medium | 4.3 | 2026-04-14 | A server-side request forgery (SSRF) vulnerability [CWE-918] in Fortinet FortiSOAR PaaS 7.6.4, FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS… |