CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-23708

unknowncovered by 1 sourcefirst seen 2026-04-14
CVSSv3 Score: 6.7 An Improper authentication vulnerability [CWE-287] in FortiSOAR web GUI may allow an unauthenticated attacker to bypass authentication via replaying captured 2FA request. The attack requires being able to intercept and decrypt authentication traffic and precise timing to replay the request before token expiration. Revised on 2026-04-14 00:00:00

CSIRTS triage

What
An unauthenticated attacker may bypass authentication by replaying captured 2FA requests.
Who is affected
Users of FortiSOAR web GUI.
Urgency
Remediation is urgent due to the potential for unauthorized access.
Action
Implement measures to secure authentication traffic.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch CVE-2026-23708

Get an email if CVE-2026-23708 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2026-23708

CVE.org record

Embed the live status

CVE-2026-23708 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-23708 status](https://www.csirts.com/badge/CVE-2026-23708)](https://www.csirts.com/cve/CVE-2026-23708)