CVE-2026-21742 PUBLISHED

Assigner: fortinet
Reserved: 05.01.2026 Published: 14.04.2026 Updated: 14.04.2026

A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated attacker to view cleartext password in response for Secure Message Exchange and Radius queries, if configured

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
CVSS Score: 5.4

Product Status

Vendor Fortinet
Product FortiSOAR PaaS
Versions Default: unaffected
  • affected from 7.6.0 to 7.6.2 (incl.)
  • affected from 7.5.0 to 7.5.1 (incl.)
  • affected from 7.4.0 to 7.4.5 (incl.)
  • affected from 7.3.0 to 7.3.3 (incl.)
Vendor Fortinet
Product FortiSOAR on-premise
Versions Default: unaffected
  • affected from 7.6.0 to 7.6.2 (incl.)
  • affected from 7.5.0 to 7.5.1 (incl.)
  • affected from 7.4.0 to 7.4.5 (incl.)
  • affected from 7.3.0 to 7.3.3 (incl.)

Solutions

Upgrade to FortiSOAR PaaS version 7.6.4 or above Upgrade to upcoming FortiSOAR PaaS version 7.5.3 or above Upgrade to FortiSOAR on-premise version 7.6.4 or above Upgrade to FortiSOAR on-premise version 7.6.3 or above Upgrade to upcoming FortiSOAR on-premise version 7.5.3 or above Upgrade to FortiSOAR on-premise version 7.5.2 or above

References

Problem Types

  • Information disclosure CWE