CVE-2026-59835

Summary

A exposure of resource to wrong sphere vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.3 through 4.4.8 may allow an unauthenticated attacker to access the VNC server of VMs performing scanning via network requests.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiSandbox5.0.0 <= 5.0.2affected
FortinetFortiSandbox4.4.3 <= 4.4.8affected

Weaknesses

  • CWE-668: Information disclosure

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References