{"api_version":"1","generated_at":"2026-04-23T09:40:11+00:00","cve":"CVE-2026-23708","urls":{"html":"https://cve.report/CVE-2026-23708","api":"https://cve.report/api/cve/CVE-2026-23708.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-23708","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-23708"},"summary":{"title":"CVE-2026-23708","description":"An improper authentication vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR on-premise 7.6.0 through 7.6.3, and FortiSOAR on-premise 7.5.0 through 7.5.2 may allow an unauthenticated attacker to bypass authentication by replaying a captured 2FA request. The attack requires the ability to intercept and decrypt authentication traffic, and precise timing to replay the request before the token expires, which raises the attack complexity.","state":"PUBLISHED","assigner":"fortinet","published_at":"2026-04-14 16:16:37","updated_at":"2026-04-17 15:11:56"},"problem_types":["CWE-287","CWE-287 Escalation of 
privilege"],"metrics":[{"version":"3.1","source":"psirt@fortinet.com","type":"Secondary","score":"7.5","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"6.7","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C","data":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":6.7,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C","version":"3.1"}}],"references":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-26-101","name":"https://fortiguard.fortinet.com/psirt/FG-IR-26-101","refsource":"psirt@fortinet.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-23708","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23708","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Fortinet","product":"FortiSOAR PaaS","version":"affected 7.6.0 7.6.3 semver","platforms":[]},{"source":"CNA","vendor":"Fortinet","product":"FortiSOAR PaaS","version":"affected 7.5.0 7.5.2 semver","platforms":[]},{"source":"CNA","vendor":"Fortinet","product":"FortiSOAR on-premise","version":"affected 7.6.0 7.6.3 semver","platforms":[]},{"source":"CNA","vendor":"Fortinet","product":"FortiSOAR on-premise","version":"affected 7.5.0 
7.5.2 semver","platforms":[]}],"timeline":[],"solutions":[{"source":"CNA","title":"","value":"Upgrade to FortiSOAR PaaS version 7.6.4 or above\nUpgrade to the upcoming FortiSOAR PaaS version 7.5.3 or above\nUpgrade to FortiSOAR on-premise version 7.6.4 or above\nUpgrade to the upcoming FortiSOAR on-premise version 7.5.3 or above","time":"","lang":"en"}],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"23708","cve":"CVE-2026-23708","epss":"0.000660000","percentile":"0.203490000","score_date":"2026-04-21","updated_at":"2026-04-22 00:07:41"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-23708","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2026-04-14T00:00:00+00:00","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-04-15T03:58:22.574Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"cpes":["cpe:2.3:a:fortinet:fortisoarpaas:7.6.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.5.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","product":"FortiSOAR 
PaaS","vendor":"Fortinet","versions":[{"lessThanOrEqual":"7.6.3","status":"affected","version":"7.6.0","versionType":"semver"},{"lessThanOrEqual":"7.5.2","status":"affected","version":"7.5.0","versionType":"semver"}]},{"cpes":["cpe:2.3:a:fortinet:fortisoaron-premise:7.6.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoaron-premise:7.5.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","product":"FortiSOAR on-premise","vendor":"Fortinet","versions":[{"lessThanOrEqual":"7.6.3","status":"affected","version":"7.6.0","versionType":"semver"},{"lessThanOrEqual":"7.5.2","status":"affected","version":"7.5.0","versionType":"semver"}]}],"descriptions":[{"lang":"en","value":"An improper authentication vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR on-premise 7.6.0 through 7.6.3, and FortiSOAR on-premise 7.5.0 through 7.5.2 may allow an unauthenticated attacker to bypass authentication by replaying a captured 2FA request. 
The attack requires the ability to intercept and decrypt authentication traffic, and precise timing to replay the request before the token expires, which raises the attack complexity."}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":6.7,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-287","description":"Escalation of privilege","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-04-14T15:38:18.327Z","orgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","shortName":"fortinet"},"references":[{"name":"https://fortiguard.fortinet.com/psirt/FG-IR-26-101","url":"https://fortiguard.fortinet.com/psirt/FG-IR-26-101"}],"solutions":[{"lang":"en","value":"Upgrade to FortiSOAR PaaS version 7.6.4 or above\nUpgrade to the upcoming FortiSOAR PaaS version 7.5.3 or above\nUpgrade to FortiSOAR on-premise version 7.6.4 or above\nUpgrade to the upcoming FortiSOAR on-premise version 7.5.3 or above"}]}},"cveMetadata":{"assignerOrgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","assignerShortName":"fortinet","cveId":"CVE-2026-23708","datePublished":"2026-04-14T15:38:18.327Z","dateReserved":"2026-01-15T13:00:41.463Z","dateUpdated":"2026-04-15T03:58:22.574Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-04-14 16:16:37","lastModifiedDate":"2026-04-17 15:11:56","problem_types":["CWE-287","CWE-287 Escalation of 
privilege"],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"23708","Ordinal":"1","Title":"CVE-2026-23708","CVE":"CVE-2026-23708","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"23708","Ordinal":"1","NoteData":"An improper authentication vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR on-premise 7.6.0 through 7.6.3, and FortiSOAR on-premise 7.5.0 through 7.5.2 may allow an unauthenticated attacker to bypass authentication by replaying a captured 2FA request. The attack requires the ability to intercept and decrypt authentication traffic, and precise timing to replay the request before the token expires, which raises the attack complexity.","Type":"Description","Title":"CVE-2026-23708"}]}}}