ID

VAR-202604-3329


CVE

CVE-2026-27316


TITLE

Vulnerabilities related to insufficient protection of authentication information in multiple Fortinet products, including FortiSandbox

Trust: 0.8

sources: JVNDB: JVNDB-2026-012297

DESCRIPTION

An insufficiently protected credentials vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4 all versions, and FortiSandbox PaaS 5.0.1 through 5.0.5 may allow an authenticated administrator to read LDAP server credentials via client-side inspection. In other words, it is possible for an authenticated administrator to read the LDAP server's authentication information through client-side inspection. Some of the information handled by the software may be leaked to the outside. However, the information handled by the software will not be rewritten, and the software will not stop. Furthermore, attacks that exploit this vulnerability will not affect other software.

Trust: 1.62

sources: NVD: CVE-2026-27316 // JVNDB: JVNDB-2026-012297

AFFECTED PRODUCTS

vendor: fortinet, model: fortisandbox, scope: lt, version: 5.0.6

Trust: 1.0

vendor: fortinet, model: fortisandbox cloud, scope: eq, version: 5.0.5

Trust: 1.0

vendor: fortinet, model: fortisandbox cloud, scope: eq, version: 5.0.4

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: gte, version: 4.4.0

Trust: 1.0

vendor: Fortinet, model: fortisandbox cloud, scope: -, version: -

Trust: 0.8

vendor: Fortinet, model: fortisandbox, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-012297 // NVD: CVE-2026-27316

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@fortinet.com: CVE-2026-27316
value: LOW

Trust: 1.0

OTHER: JVNDB-2026-012297
value: LOW

Trust: 0.8

psirt@fortinet.com: CVE-2026-27316
baseSeverity: LOW
baseScore: 2.7
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 1.4
version: 3.1

Trust: 1.0

OTHER: JVNDB-2026-012297
baseSeverity: LOW
baseScore: 2.7
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-012297 // NVD: CVE-2026-27316

PROBLEMTYPE DATA

problemtype:CWE-522

Trust: 1.0

problemtype:Inadequate protection of credentials (CWE-522) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-012297 // NVD: CVE-2026-27316

PATCH

title: PSIRT | FortiGuard Labs, url: https://fortiguard.fortinet.com/psirt/FG-IR-26-113

Trust: 0.8

sources: JVNDB: JVNDB-2026-012297

EXTERNAL IDS

db: NVD, id: CVE-2026-27316

Trust: 2.6

db: JVNDB, id: JVNDB-2026-012297

Trust: 0.8

sources: JVNDB: JVNDB-2026-012297 // NVD: CVE-2026-27316

REFERENCES

url:https://fortiguard.fortinet.com/psirt/fg-ir-26-113

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2026-27316

Trust: 0.8

sources: JVNDB: JVNDB-2026-012297 // NVD: CVE-2026-27316

SOURCES

db: JVNDB, id: JVNDB-2026-012297
db: NVD, id: CVE-2026-27316

LAST UPDATE DATE

2026-06-19T23:34:46.413000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2026-012297, date: 2026-04-24T02:33:00
db: NVD, id: CVE-2026-27316, date: 2026-04-22T18:54:01.610

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2026-012297, date: 2026-04-24T00:00:00
db: NVD, id: CVE-2026-27316, date: 2026-04-14T16:16:37.863