Medium6.7Fortinet Updated
2FA request can be replayed without a valid token after one successful request
FG-IR-26-101 Published Apr 14, 2026Updated by vendor Apr 14, 2026
CVE-2026-23708
Affected products & platforms
FortinetUnclassified
Summary
CVSSv3 Score: 6.7 An Improper authentication vulnerability [CWE-287] in FortiSOAR web GUI may allow an unauthenticated attacker to bypass authentication via replaying captured 2FA request. The attack requires being able to intercept and decrypt authentication traffic and precise timing to replay the request before token expiration.
Affected versions
- FortiSOAR PaaS 7.6: 7.6.0 through 7.6.3
- FortiSOAR PaaS 7.5: 7.5.0 through 7.5.2
- FortiSOAR on-premise 7.6: 7.6.0 through 7.6.3
- FortiSOAR on-premise 7.5: 7.5.0 through 7.5.2
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Fixed versions
- FortiSOAR PaaS 7.6: 7.6.4
- FortiSOAR PaaS 7.5: 7.5.3
- FortiSOAR on-premise 7.6: 7.6.4
- FortiSOAR on-premise 7.5: 7.5.3
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Mitigation checklist
Recommended fix / mitigation
- Upgrade per the Affected/Solution table: FortiSOAR PaaS 7.6: 7.6.4; FortiSOAR PaaS 7.5: 7.5.3; FortiSOAR on-premise 7.6: 7.6.4; FortiSOAR on-premise 7.5: 7.5.3.
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.