CVE-2026-26083

Summary

A missing authorization vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox Cloud 5.0.2 through 5.0.5, FortiSandbox PaaS 23.4 all versions, FortiSandbox PaaS 23.3 all versions, FortiSandbox PaaS 23.1 all versions, FortiSandbox PaaS 22.2 all versions, FortiSandbox PaaS 22.1 all versions, FortiSandbox PaaS 21.4 all versions, FortiSandbox PaaS 21.3 all versions, FortiSandbox PaaS 5.0.0 through 5.0.1, FortiSandbox PaaS 4.4.5 through 4.4.8 may allow an unauthenticated attacker to execute unauthorized code or commands via HTTP requests.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiSandbox Cloud5.0.0 <= 5.0.1affected
FortinetFortiSandbox Cloud4.4.5 <= 4.4.8affected
FortinetFortiSandbox5.0.0 <= 5.0.1affected
FortinetFortiSandbox4.4.0 <= 4.4.8affected
FortinetFortiSandbox4.2.1 <= 4.2.8affected
FortinetFortiSandbox PaaS23.4.4374affected
FortinetFortiSandbox PaaS23.4.4350affected
FortinetFortiSandbox PaaS23.3.4329affected
FortinetFortiSandbox PaaS23.1.4245affected
FortinetFortiSandbox PaaS22.2.4151affected
FortinetFortiSandbox PaaS22.2.4134affected
FortinetFortiSandbox PaaS22.1.4113affected
FortinetFortiSandbox PaaS21.4.4072affected
FortinetFortiSandbox PaaS21.3.4055affected
FortinetFortiSandbox PaaS5.0.0 <= 5.0.1affected
FortinetFortiSandbox PaaS4.4.5 <= 4.4.8affected

Weaknesses

  • CWE-862: Execute unauthorized code or commands

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References