Description

An improper authentication vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR on-premise 7.6.0 through 7.6.3, and FortiSOAR on-premise 7.5.0 through 7.5.2 may allow an unauthenticated attacker to bypass authentication by replaying a captured 2FA request. The attack requires the ability to intercept and decrypt authentication traffic, and precise timing to replay the request before the token expires, which raises the attack complexity.

INFO

Published Date: 2026-04-14T15:38:18.327Z
Last Modified: 2026-04-15T03:58:22.574Z
Source: fortinet

AFFECTED PRODUCTS

The following products are affected by the CVE-2026-23708 vulnerability.

Vendor: Fortinet
Products:
  • FortiSOAR on-premise
  • FortiSOAR PaaS