PSIRT unauthorized backup file access Summary An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiNDR and FortiVoice may allow a remote authenticated attacker with at least read-only permission on system maintenance to access backup information via crafted HTTP requests. Version Affected Solution FortiNDR 7.6 7.6.0 Upgrade to 7.6.1 or above FortiNDR 7.4 7.4.0 through 7.4.8 Upgrade to 7.4.9 or above FortiNDR 7.2 7.2 all versions Migrate to a fixed release FortiNDR 7.1 7.1 all versions Migrate to a fixed release FortiNDR 7.0 7.0 all versions Migrate to a fixed release FortiVoice 7.4 Not affected Not Applicable FortiVoice 7.2 Not affected Not Applicable FortiVoice 7.0 7.0.0 through 7.0.1 Upgrade to 7.0.2 or above FortiVoice 6.4 Not affected Not Applicable Acknowledgement Internally discovered and reported by Yonghui Han of Fortinet Product Security team. Timeline 2026-04-14: Initial publication IR Number FG-IR-26-124 Published Date Apr 14, 2026 Component GUI Severity Medium Discovered Internal Attack Type Authenticated Known Exploited No CVSSv3 Score 5.4 Impact Information disclosure CVE ID CVE-2024-23104 Download CVRF CSAF