- What: Path traversal vulnerability in FortiSOAR Agent Connector Bridge
- Impact: May allow unauthenticated attackers to read system files
Path traversal vulnerability in FortiSOAR Agent Connector Bridge server

Summary

An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in FortiSOAR Agent Connector Bridge may allow an unauthenticated attacker to read files accessible to the fortisoar user on the system where the agent is deployed, by sending a crafted request to the agent port.

| Version | Affected | Solution |
|---|---|---|
| FortiSOAR Agent Communication Bridge 1.1 | 1.1.0 | Upgrade to 1.1.1 or above |
| FortiSOAR Agent Communication Bridge 1.0 | 1.0 all versions | Migrate to a fixed release |

Acknowledgement

Fortinet is pleased to thank Jonathan Bolduc from Precicom Technologies for reporting this vulnerability under responsible disclosure.

Timeline

2026-03-10: Initial publication

- IR Number: FG-IR-26-084
- Published Date: Mar 10, 2026
- Component: GUI
- Severity: Medium
- CVSSv3 Score: 5.5
- Impact: Information disclosure
- CVE ID: CVE-2025-54659