← Home
2FA request can be replayed without a valid token after one successful request
Source: fortinet / FG-IR-26-101
— original advisory
Published: 2026-04-14
· Last updated: 2026-04-14
· Vendor severity: Not rated by vendor
CVEs
| CVE | CVSS | CWE | Exploitation |
| CVE-2026-23708 |
6.7 |
CWE-287: Improper Authentication |
Not observed in the wild |
Affected Products
| Product | Affected versions | Fixed version |
| FortiSOAR on-premise |
7.5.0 |
Not specified by vendor |
| FortiSOAR on-premise |
7.6.3 |
Not specified by vendor |
| FortiSOAR on-premise |
7.6.2 |
Not specified by vendor |
| FortiSOAR on-premise |
7.6.1 |
Not specified by vendor |
| FortiSOAR on-premise |
7.6.0 |
Not specified by vendor |
| FortiSOAR on-premise |
7.5.2 |
Not specified by vendor |
| FortiSOAR on-premise |
7.5.1 |
Not specified by vendor |
| FortiSOAR PaaS |
7.6.3 |
Not specified by vendor |
| FortiSOAR PaaS |
7.6.2 |
Not specified by vendor |
| FortiSOAR PaaS |
7.6.1 |
Not specified by vendor |
| FortiSOAR PaaS |
7.6.0 |
Not specified by vendor |
| FortiSOAR PaaS |
7.5.2 |
Not specified by vendor |
| FortiSOAR PaaS |
7.5.1 |
Not specified by vendor |
| FortiSOAR PaaS |
7.5.0 |
Not specified by vendor |