PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-21742 Fortinet CVE debrief

A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated attacker to view cleartext password in response for Secure Message Exchange and Radius queries, if configured.

Vendor
Fortinet
Product
FortiSOAR
CVSS
MEDIUM 5.7
CISA KEV
Not listed in stored evidence
Original CVE published
2026-04-14
Original CVE updated
2026-07-08
Advisory published
2026-04-14
Advisory updated
2026-07-08

Who should care

Security teams and administrators responsible for Fortinet FortiSOAR PaaS and on-premise deployments should prioritize patching this vulnerability to prevent potential exposure of sensitive information.

Technical summary

The vulnerability exists in multiple versions of Fortinet FortiSOAR PaaS and on-premise deployments, specifically in the handling of Secure Message Exchange and Radius queries. An authenticated attacker could potentially view cleartext passwords in responses if these features are configured. This vulnerability affects various versions of FortiSOAR, including PaaS 7.6.0 through 7.6.3, PaaS 7.5.0 through 7.5.2, PaaS 7.4, PaaS 7.3, on-premise 7.6.0 through 7.6.2, on-premise 7.5.0 through 7.5.1, on-premise 7.4, and on-premise 7.3. The vulnerability allows an authenticated attacker to access sensitive information, specifically cleartext passwords, under certain configurations.

Defensive priority

Medium priority due to the requirement for authentication and specific configuration for exploitation.

Recommended defensive actions

  • Apply patches or updates provided by Fortinet for the affected FortiSOAR versions.
  • Review and update configurations for Secure Message Exchange and Radius queries to minimize exposure.
  • Monitor for any unauthorized access or suspicious activity related to FortiSOAR systems.
  • Implement additional security measures such as encryption for sensitive data in transit.
  • Conduct regular security audits and vulnerability assessments.

Evidence notes

The CVE record and NVD detail provide information on the vulnerability, affected versions, and potential impact. Vendor advisory from Fortinet is available for mitigation and patching guidance. Security teams should verify the configurations of Secure Message Exchange and Radius queries in their FortiSOAR deployments to identify potential exposure. Evidence of exploitation or unauthorized access should be monitored, and additional security measures such as encryption for sensitive data in transit should be considered. Regular security audits and vulnerability assessments are recommended to ensure the security posture of FortiSOAR systems.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-04-14T16:16:35.930Z and has not been modified since then. The NVD entry is currently Analyzed.