CVE-2026-27316

Summary

A insufficiently protected credentials vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4 all versions, FortiSandbox PaaS 5.0.1 through 5.0.5 may allow an authenticathed administrator to read LDAP server credentials via client-side inspection.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiSandbox5.0.0 <= 5.0.5affected
FortinetFortiSandbox4.4.0 <= 4.4.9affected
FortinetFortiSandbox PaaS23.4.4374affected
FortinetFortiSandbox PaaS23.4.4350affected
FortinetFortiSandbox PaaS23.3.4329affected
FortinetFortiSandbox PaaS23.1.4245affected
FortinetFortiSandbox PaaS22.2.4151affected
FortinetFortiSandbox PaaS22.2.4134affected
FortinetFortiSandbox PaaS22.1.4113affected
FortinetFortiSandbox PaaS21.4.4072affected
FortinetFortiSandbox PaaS21.3.4055affected
FortinetFortiSandbox PaaS5.0.1 <= 5.0.5affected

Weaknesses

  • CWE-522: Information disclosure

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References