{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22574", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "state": "PUBLISHED", "assignerShortName": "fortinet", "dateReserved": "2026-01-07T18:30:44.883Z", "datePublished": "2026-04-14T15:38:08.130Z", "dateUpdated": "2026-04-14T16:46:16.794Z"}, "containers": {"cna": {"affected": [{"vendor": "Fortinet", "product": "FortiSOAR PaaS", "cpes": ["cpe:2.3:a:fortinet:fortisoarpaas:7.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "7.6.0", "lessThanOrEqual": "7.6.4", "status": "affected"}, {"versionType": "semver", "version": "7.5.0", "lessThanOrEqual": "7.5.2", "status": "affected"}, {"versionType": "semver", "version": "7.4.0", "lessThanOrEqual": "7.4.5", "status": "affected"}, {"versionType": "semver", "version": "7.3.0", "lessThanOrEqual": "7.3.3", "status": "affected"}]}, {"vendor": "Fortinet", "product": "FortiSOAR on-premise", "cpes": ["cpe:2.3:a:fortinet:fortisoaron-premise:7.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "7.6.0", "lessThanOrEqual": "7.6.4", "status": "affected"}, {"versionType": "semver", "version": "7.5.0", "lessThanOrEqual": "7.5.2", "status": "affected"}, {"versionType": "semver", "version": "7.4.0", "lessThanOrEqual": "7.4.5", "status": "affected"}, {"versionType": "semver", "version": "7.3.0", "lessThanOrEqual": "7.3.3", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.4, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to retrieve Service account password via server address modification in LDAP configuration."}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2026-04-14T15:38:08.130Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-257", "description": "Information disclosure", "type": "CWE"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N/E:H/RL:O/RC:C"}}], "solutions": [{"lang": "en", "value": "Upgrade to FortiSOAR on-premise version 7.6.5 or above\nUpgrade to upcoming FortiSOAR on-premise version 7.5.3 or above\nUpgrade to FortiSOAR PaaS version 7.6.5 or above\nUpgrade to upcoming FortiSOAR PaaS version 7.5.3 or above"}], "references": [{"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-105", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-105"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-22574", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-14T16:35:22.098427Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T16:46:16.794Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-22574", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-14T16:35:22.098427Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T16:37:28.761Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N/E:H/RL:O/RC:C", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}], "affected": [{"cpes": ["cpe:2.3:a:fortinet:fortisoarpaas:7.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:*"], "vendor": "Fortinet", "product": "FortiSOAR PaaS", "versions": [{"status": "affected", "version": "7.6.0", "versionType": "semver", "lessThanOrEqual": "7.6.4"}, {"status": "affected", "version": "7.5.0", "versionType": "semver", "lessThanOrEqual": "7.5.2"}, {"status": "affected", "version": "7.4.0", "versionType": "semver", "lessThanOrEqual": "7.4.5"}, {"status": "affected", "version": "7.3.0", "versionType": "semver", "lessThanOrEqual": "7.3.3"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:fortinet:fortisoaron-premise:7.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:*"], "vendor": "Fortinet", "product": "FortiSOAR on-premise", "versions": [{"status": "affected", "version": "7.6.0", "versionType": "semver", "lessThanOrEqual": "7.6.4"}, {"status": "affected", "version": "7.5.0", "versionType": "semver", "lessThanOrEqual": "7.5.2"}, {"status": "affected", "version": "7.4.0", "versionType": "semver", "lessThanOrEqual": "7.4.5"}, {"status": "affected", "version": "7.3.0", "versionType": "semver", "lessThanOrEqual": "7.3.3"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to FortiSOAR on-premise version 7.6.5 or above\nUpgrade to upcoming FortiSOAR on-premise version 7.5.3 or above\nUpgrade to FortiSOAR PaaS version 7.6.5 or above\nUpgrade to upcoming FortiSOAR PaaS version 7.5.3 or above"}], "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-105", "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-105"}], "descriptions": [{"lang": "en", "value": "A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.4, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to retrieve Service account password via server address modification in LDAP configuration."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-257", "description": "Information disclosure"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2026-04-14T15:38:08.130Z"}}}, "cveMetadata": {"cveId": "CVE-2026-22574", "state": "PUBLISHED", "dateUpdated": "2026-04-14T16:46:16.794Z", "dateReserved": "2026-01-07T18:30:44.883Z", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2026-04-14T15:38:08.130Z", "assignerShortName": "fortinet"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.4, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to retrieve Service account password via server address modification in LDAP configuration."}], "id": "CVE-2026-22574", "lastModified": "2026-04-14T16:16:36.760", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 1.4, "source": "psirt@fortinet.com", "type": "Secondary"}]}, "published": "2026-04-14T16:16:36.760", "references": [{"source": "psirt@fortinet.com", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-105"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-257"}], "source": "psirt@fortinet.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[7.6.0,7.6.4]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[7.5.0,7.5.2]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[7.4.0,7.4.5]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[7.3.0,7.3.3]"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "FortiSOAR on-premise", "source": "cna", "vendor": "Fortinet"}, "product": "fortisoaron-premise", "vendor": "fortinet"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[7.6.0,7.6.4]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[7.5.0,7.5.2]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[7.4.0,7.4.5]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[7.3.0,7.3.3]"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "FortiSOAR PaaS", "source": "cna", "vendor": "Fortinet"}, "product": "fortisoarpaas", "vendor": "fortinet"}], "analysis": {"en": {"generated_at": "2026-04-14T17:43:42.842644+00:00", "value": {"mitigation_remediation": ["Upgrade FortiSOAR on\u2011premise to version 7.6.5 or later, or to 7.5.3 or newer", "Upgrade FortiSOAR PaaS to version 7.6.5 or later, or to 7.5.3 or newer", "Verify that the updated firmware is applied and monitor LDAP configuration changes for unusual activity"], "summary": {"action": "Patch Now", "impact": "Credential Disclosure via LDAP Configuration Modification"}, "threat_synthesis": {"affected_systems": "Fortinet FortiSOAR PaaS versions 7.3.x through 7.6.4 and FortiSOAR on\u2011premise versions 7.3.x through 7.6.4 are impacted by this issue.", "description_and_impact": "The vulnerability allows an authenticated remote attacker to retrieve a service account password by modifying the server address in the LDAP configuration. Passwords are stored in a recoverable format, enabling the attacker to read the stored credentials once authenticated. This can lead to credential compromise and potential lateral movement or full control of the affected system.", "risk_and_exploitability": "With a CVSS score of 4.1, the vulnerability presents moderate severity. Availability of exploitation depends on the attacker having prior authenticated remote access to the system. Once authenticated, the attacker can alter LDAP settings to access passwords that are stored in a recoverable format. The EPSS score is not available and the vulnerability is not listed in KEV, indicating no known widespread exploitation yet."}}}}, "created": "2026-04-15T14:41:09.661567+00:00", "title": "Passwords Stored in Recoverable Format in FortiSOAR LDAP Configuration", "updated": "2026-04-15T15:30:06.824390+00:00", "vendors": ["fortinet", "fortinet$PRODUCT$fortisoaron-premise", "fortinet$PRODUCT$fortisoarpaas"]}