Path traversal vulnerability in FortiSOAR Agent Connector Bridge server

Summary

An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in FortiSOAR Agent Connector Bridge may allow an unauthenticated attacker to read files accessible to the fortisoar user on the system where the agent is deployed, by sending a crafted request to the agent port.

Version                                  | Affected         | Solution
FortiSOAR Agent Communication Bridge 1.1 | 1.1.0            | Upgrade to 1.1.1 or above
FortiSOAR Agent Communication Bridge 1.0 | 1.0 all versions | Migrate to a fixed release

Acknowledgement

Fortinet is pleased to thank Jonathan Bolduc from Precicom Technologies for reporting this vulnerability under responsible disclosure.

Timeline

2026-03-10: Initial publication