- What: Clear-text credentials retrievable via connector configuration
- Impact: Authenticated attackers could retrieve passwords for multiple connectors in FortiSOAR
Clear-text credentials retrievable with IP modification for connectors

Summary

A Storing Passwords in a Recoverable Format vulnerability [CWE-257] in FortiSOAR may allow an authenticated remote attacker to retrieve passwords for multiple installed connectors via server address modification in connector configuration.

| Version | Affected | Solution |
|---|---|---|
| FortiSOAR PaaS 7.6 | 7.6.0 through 7.6.4 | Upgrade to 7.6.5 or above |
| FortiSOAR PaaS 7.5 | 7.5.0 through 7.5.2 | Upgrade to 7.5.3 or above |
| FortiSOAR PaaS 7.4 | 7.4 all versions | Migrate to a fixed release |
| FortiSOAR PaaS 7.3 | 7.3 all versions | Migrate to a fixed release |
| FortiSOAR on-premise 7.6 | 7.6.0 through 7.6.4 | Upgrade to 7.6.5 or above |
| FortiSOAR on-premise 7.5 | 7.5.0 through 7.5.2 | Upgrade to 7.5.3 or above |
| FortiSOAR on-premise 7.4 | 7.4 all versions | Migrate to a fixed release |
| FortiSOAR on-premise 7.3 | 7.3 all versions | Migrate to a fixed release |

Acknowledgement

Internally discovered and reported by Shripal Rawal of Fortinet PSIRT team.

Timeline

- 2026-04-14: Initial publication

- IR Number: FG-IR-26-104
- Published Date: Apr 14, 2026
- Component: GUI
- Severity: Medium
- Discovered: Internal
- Attack Type: Authenticated
- Known Exploited: No
- CVSSv3 Score: 4.1
- Impact: Information disclosure
- CVE ID: CVE-2026-22576