CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-22576

unknowncovered by 1 sourcefirst seen 2026-04-14
CVSSv3 Score: 4.1 A Storing Passwords in a Recoverable Format vulnerability [CWE-257] in FortiSOAR may allow an authenticated remote attacker to retrieve passwords for multiple installed connectors via server address modification in connector configuration. Revised on 2026-04-14 00:00:00

CSIRTS triage

What
A vulnerability allows an authenticated remote attacker to retrieve clear-text passwords.
Who is affected
Authenticated users of FortiSOAR with access to connector configurations.
Urgency
Remediation is critical due to the exposure of sensitive information.
Action
Update to the latest version of FortiSOAR to resolve the issue.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch CVE-2026-22576

Get an email if CVE-2026-22576 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2026-22576

CVE.org record

Embed the live status

CVE-2026-22576 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-22576 status](https://www.csirts.com/badge/CVE-2026-22576)](https://www.csirts.com/cve/CVE-2026-22576)