← Home

2FA request can be replayed without a valid token after one successful request

CVEs

CVECVSSCWEExploitation
CVE-2026-23708 6.7 CWE-287: Improper Authentication Not observed in the wild

Affected Products

ProductAffected versionsFixed version
FortiSOAR on-premise 7.5.0 Not specified by vendor
FortiSOAR on-premise 7.6.3 Not specified by vendor
FortiSOAR on-premise 7.6.2 Not specified by vendor
FortiSOAR on-premise 7.6.1 Not specified by vendor
FortiSOAR on-premise 7.6.0 Not specified by vendor
FortiSOAR on-premise 7.5.2 Not specified by vendor
FortiSOAR on-premise 7.5.1 Not specified by vendor
FortiSOAR PaaS 7.6.3 Not specified by vendor
FortiSOAR PaaS 7.6.2 Not specified by vendor
FortiSOAR PaaS 7.6.1 Not specified by vendor
FortiSOAR PaaS 7.6.0 Not specified by vendor
FortiSOAR PaaS 7.5.2 Not specified by vendor
FortiSOAR PaaS 7.5.1 Not specified by vendor
FortiSOAR PaaS 7.5.0 Not specified by vendor