Details of VAR-202604-3534

ID

VAR-202604-3534

CVE

CVE-2026-25691

TITLE

fortinet's FortiSandbox Path traversal vulnerabilities in multiple products, including

Trust: 0.8

sources: JVNDB: JVNDB-2026-012301

DESCRIPTION

A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4, FortiSandbox PaaS 5.0.4 may allow a privileged attacker with super-admin profile and CLI access to delete an arbitrary directory via HTTP crafted requests. In addition, all of the information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-25691 // JVNDB: JVNDB-2026-012301

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortisandbox	scope:	lt	version:	4.4.9	Trust: 1.0
vendor:	fortinet	model:	fortisandbox cloud	scope:	eq	version:	5.0.4	Trust: 1.0
vendor:	fortinet	model:	fortisandbox	scope:	lt	version:	5.0.6	Trust: 1.0
vendor:	fortinet	model:	fortisandbox	scope:	gte	version:	4.2.0	Trust: 1.0
vendor:	fortinet	model:	fortisandbox	scope:	gte	version:	5.0.0	Trust: 1.0
vendor:	フォーティネット	model:	fortisandbox cloud	scope:	-	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortisandbox	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2026-012301 // NVD: CVE-2026-25691

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@fortinet.com:	CVE-2026-25691
value:	MEDIUM
Trust: 1.0
OTHER:	JVNDB-2026-012301
value:	MEDIUM
Trust: 0.8

psirt@fortinet.com:	CVE-2026-25691
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.5
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2026-012301
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2026-012301 // NVD: CVE-2026-25691

PROBLEMTYPE DATA

problemtype:	CWE-22	Trust: 1.0
problemtype:	Path traversal (CWE-22) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2026-012301 // NVD: CVE-2026-25691

PATCH

title:

PSIRT | FortiGuard Labs

url:

https://fortiguard.fortinet.com/psirt/FG-IR-26-115

Trust: 0.8

sources: JVNDB: JVNDB-2026-012301

EXTERNAL IDS

db:	NVD	id:	CVE-2026-25691	Trust: 2.6
db:	JVNDB	id:	JVNDB-2026-012301	Trust: 0.8

sources: JVNDB: JVNDB-2026-012301 // NVD: CVE-2026-25691

REFERENCES

url:	https://fortiguard.fortinet.com/psirt/fg-ir-26-115	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2026-25691	Trust: 0.8

sources: JVNDB: JVNDB-2026-012301 // NVD: CVE-2026-25691

SOURCES

db:	JVNDB	id:	JVNDB-2026-012301
db:	NVD	id:	CVE-2026-25691

LAST UPDATE DATE

2026-06-19T23:29:11.356000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2026-012301	date:	2026-04-24T02:33:00
db:	NVD	id:	CVE-2026-25691	date:	2026-04-22T18:55:51.777

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2026-012301	date:	2026-04-24T00:00:00
db:	NVD	id:	CVE-2026-25691	date:	2026-04-14T16:16:37.623