High severity7.5NVD Advisory· Published Apr 14, 2026· Updated May 6, 2026
CVE-2026-23708
CVE-2026-23708
Description
A improper authentication vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5.0 through 7.5.2 may allow an unauthenticated attacker to bypass authentication via replaying captured 2FA request. The attack requires being able to intercept and decrypt authentication traffic and precise timing to replay the request before token expiration, which raises the attack complexity.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3Patches
Vulnerability mechanics
References
1- fortiguard.fortinet.com/psirt/FG-IR-26-101nvdVendor Advisory
News mentions
0No linked articles in our index yet.