Path traversal vulnerability in FortiSOAR Agent Connector Bridge server Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-26-084 Final 1 1 2026-03-10T00:00:00 Current version 2026-03-10T00:00:00 2026-03-10T00:00:00 An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in FortiSOAR Agent Connector Bridge may allow an unauthenticated attacker to read files accessible to the fortisoar user on the system where the agent is deployed, via sending a crafted request to the agent port. None Information disclosure None Fortinet is pleased to thank Jonathan Bolduc from Precicom Technologies for reporting this vulnerability under responsible disclosure. FortiSOAR Agent Communication Bridge 1.1.0 FortiSOAR Agent Communication Bridge 1.0.2 FortiSOAR Agent Communication Bridge 1.0.1 FortiSOAR Agent Communication Bridge 1.0.0 CVE-2025-54659 FortiSOAR Agent Communication Bridge-1.1.0 FortiSOAR Agent Communication Bridge-1.0.2 FortiSOAR Agent Communication Bridge-1.0.1 FortiSOAR Agent Communication Bridge-1.0.0 5.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:X/RC:R https://fortiguard.fortinet.com/psirt/FG-IR-26-084 Path traversal vulnerability in FortiSOAR Agent Connector Bridge server Reference>