- What: Clear-text credentials retrievable via LDAP IP modification
- Impact: Authenticated attackers could retrieve service account passwords in FortiSOAR
PSIRT: Clear-text credentials retrievable with IP modification for LDAP

Summary

A Storing Passwords in a Recoverable Format vulnerability [CWE-257] in FortiSOAR may allow an authenticated remote attacker to retrieve Service account password via server address modification in LDAP configuration.

| Version | Affected | Solution |
|---|---|---|
| FortiSOAR PaaS 7.6 | 7.6.0 through 7.6.4 | Upgrade to 7.6.5 or above |
| FortiSOAR PaaS 7.5 | 7.5.0 through 7.5.2 | Upgrade to 7.5.3 or above |
| FortiSOAR PaaS 7.4 | 7.4 all versions | Migrate to a fixed release |
| FortiSOAR PaaS 7.3 | 7.3 all versions | Migrate to a fixed release |
| FortiSOAR on-premise 7.6 | 7.6.0 through 7.6.4 | Upgrade to 7.6.5 or above |
| FortiSOAR on-premise 7.5 | 7.5.0 through 7.5.2 | Upgrade to 7.5.3 or above |
| FortiSOAR on-premise 7.4 | 7.4 all versions | Migrate to a fixed release |
| FortiSOAR on-premise 7.3 | 7.3 all versions | Migrate to a fixed release |

Acknowledgement

Internally discovered and reported by Shripal Rawal of Fortinet PSIRT team.

Timeline

2026-04-14: Initial publication

- IR Number: FG-IR-26-105
- Published Date: Apr 14, 2026
- Component: GUI
- Severity: Medium
- Discovered: Internal
- Attack Type: Authenticated
- Known Exploited: No
- CVSSv3 Score: 4.1
- Impact: Information disclosure
- CVE ID: CVE-2026-22574
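
The weakness class in the summary (a saved bind secret that stays usable after the LDAP server address is edited) can be closed off in a configuration-update handler. The sketch below is an added example, not Fortinet's code or fix. It assumes the exposure comes from reusing the saved password against the new address, which the advisory does not spell out, and `LdapConfig`, `apply_ldap_update`, `MASK` and the sample values are hypothetical.

```python
from dataclasses import dataclass, replace

MASK = "********"  # assumed placeholder a GUI shows instead of the real secret


class CredentialReentryRequired(Exception):
    """The bind target changed but no fresh password was supplied."""


@dataclass(frozen=True)
class LdapConfig:  # hypothetical model, not FortiSOAR's schema
    host: str
    port: int
    use_tls: bool
    base_dn: str
    bind_dn: str
    bind_password: str

    def endpoint(self):
        # Everything that decides where, and how, the bind password is sent.
        return (self.host.strip().lower().rstrip("."), self.port, self.use_tls)

    def redacted(self):
        # View for API/GUI responses: the secret never leaves the server.
        return {**self.__dict__, "bind_password": MASK}


def apply_ldap_update(stored: LdapConfig, changes: dict) -> LdapConfig:
    changes = dict(changes)
    new_password = changes.pop("bind_password", None)
    if new_password in ("", MASK):
        new_password = None  # an echoed mask means nothing was typed
    unknown = set(changes) - set(LdapConfig.__dataclass_fields__)
    if unknown:
        raise ValueError(f"unknown fields: {sorted(unknown)}")
    candidate = replace(stored, **changes)
    if candidate.endpoint() != stored.endpoint() and new_password is None:
        # Reusing the saved secret would hand it to a server that the
        # administrator who entered it never approved.
        raise CredentialReentryRequired(
            "re-enter the bind password to change the LDAP server")
    return replace(candidate, bind_password=new_password or stored.bind_password)
```

Edits that leave host, port and TLS setting untouched keep the saved secret, so routine changes such as a new base DN do not force re-entry.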