ID
VAR-202605-3727
CVE
CVE-2026-26083
TITLE
fortinet's FortiSandbox Vulnerabilities related to lack of authentication in multiple products, such as
Trust: 0.8
DESCRIPTION
A missing authorization vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox Cloud 5.0.2 through 5.0.5, FortiSandbox PaaS 23.4 all versions, FortiSandbox PaaS 23.3 all versions, FortiSandbox PaaS 23.1 all versions, FortiSandbox PaaS 22.2 all versions, FortiSandbox PaaS 22.1 all versions, FortiSandbox PaaS 21.4 all versions, FortiSandbox PaaS 21.3 all versions, FortiSandbox PaaS 5.0.0 through 5.0.1, FortiSandbox PaaS 4.4.5 through 4.4.8 may allow an unauthenticated attacker to execute unauthorized code or commands via HTTP requests. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software
Trust: 1.62
AFFECTED PRODUCTS
| vendor: | fortinet | model: | fortisandbox cloud | scope: | gte | version: | 5.0.2 | Trust: 1.0 |
| vendor: | fortinet | model: | fortisandbox paas | scope: | gte | version: | 5.0.0 | Trust: 1.0 |
| vendor: | fortinet | model: | fortisandbox paas | scope: | lt | version: | 4.4.9 | Trust: 1.0 |
| vendor: | fortinet | model: | fortisandbox | scope: | lt | version: | 4.4.9 | Trust: 1.0 |
| vendor: | fortinet | model: | fortisandbox cloud | scope: | gte | version: | 23.1.4245 | Trust: 1.0 |
| vendor: | fortinet | model: | fortisandbox | scope: | gte | version: | 5.0.0 | Trust: 1.0 |
| vendor: | fortinet | model: | fortisandbox paas | scope: | lte | version: | 23.4.4374 | Trust: 1.0 |
| vendor: | fortinet | model: | fortisandbox | scope: | gte | version: | 4.4.0 | Trust: 1.0 |
| vendor: | fortinet | model: | fortisandbox cloud | scope: | lte | version: | 23.4.4374 | Trust: 1.0 |
| vendor: | fortinet | model: | fortisandbox paas | scope: | gte | version: | 21.3.4055 | Trust: 1.0 |
| vendor: | fortinet | model: | fortisandbox cloud | scope: | eq | version: | 24.1.4436 | Trust: 1.0 |
| vendor: | fortinet | model: | fortisandbox paas | scope: | gte | version: | 4.4.5 | Trust: 1.0 |
| vendor: | fortinet | model: | fortisandbox paas | scope: | lt | version: | 5.0.2 | Trust: 1.0 |
| vendor: | fortinet | model: | fortisandbox | scope: | lt | version: | 5.0.2 | Trust: 1.0 |
| vendor: | fortinet | model: | fortisandbox cloud | scope: | lt | version: | 5.0.6 | Trust: 1.0 |
| vendor: | フォーティネット | model: | fortisandbox cloud | scope: | - | version: | - | Trust: 0.8 |
| vendor: | フォーティネット | model: | fortisandbox paas | scope: | - | version: | - | Trust: 0.8 |
| vendor: | フォーティネット | model: | fortisandbox | scope: | - | version: | - | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-862 | Trust: 1.0 |
| problemtype: | Lack of authentication (CWE-862) [ others ] | Trust: 0.8 |
PATCH
| title: | PSIRT | FortiGuard Labs | url: | https://fortiguard.fortinet.com/psirt/FG-IR-26-136 | Trust: 0.8 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2026-26083 | Trust: 2.6 |
| db: | JVNDB | id: | JVNDB-2026-015776 | Trust: 0.8 |
REFERENCES
| url: | https://fortiguard.fortinet.com/psirt/fg-ir-26-136 | Trust: 1.0 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2026-26083 | Trust: 0.8 |
SOURCES
| db: | JVNDB | id: | JVNDB-2026-015776 |
| db: | NVD | id: | CVE-2026-26083 |
LAST UPDATE DATE
2026-06-19T23:31:40.982000+00:00
SOURCES UPDATE DATE
| db: | JVNDB | id: | JVNDB-2026-015776 | date: | 2026-05-18T02:23:00 |
| db: | NVD | id: | CVE-2026-26083 | date: | 2026-05-15T13:42:07.463 |
SOURCES RELEASE DATE
| db: | JVNDB | id: | JVNDB-2026-015776 | date: | 2026-05-18T00:00:00 |
| db: | NVD | id: | CVE-2026-26083 | date: | 2026-05-12T18:16:39.817 |