CVE-2026-23708 — HIGH (7.5)

Q: How severe is CVE-2026-23708?

CVE-2026-23708 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2026-23708?

Check the references section above for vendor advisories and patch information. Affected products include: Fortinet Fortisoar.

Vulnerability Description

A improper authentication vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5.0 through 7.5.2 may allow an unauthenticated attacker to bypass authentication via replaying captured 2FA request. The attack requires being able to intercept and decrypt authentication traffic and precise timing to replay the request before token expiration, which raises the attack complexity.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Fortinet	Fortisoar	>= 7.5.0, < 7.5.3

Related Weaknesses (CWE)

CWE-287 CWE-862

References

https://fortiguard.fortinet.com/psirt/FG-IR-26-101Vendor Advisory

FAQ

What is CVE-2026-23708?

CVE-2026-23708 is a vulnerability with a CVSS score of 7.5 (HIGH). A improper authentication vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5.0 through...

How severe is CVE-2026-23708?

CVE-2026-23708 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-23708?

Check the references section above for vendor advisories and patch information. Affected products include: Fortinet Fortisoar.