9.8
CVE-2026-26083
- EPSS 0.05%
- Veröffentlicht 12.05.2026 16:54:04
- Zuletzt bearbeitet 15.05.2026 13:42:07
- Quelle psirt@fortinet.com
- CVE-Watchlists
- Unerledigt
A missing authorization vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox Cloud 5.0.2 through 5.0.5, FortiSandbox PaaS 23.4 all versions, FortiSandbox PaaS 23.3 all versions, FortiSandbox PaaS 23.1 all versions, FortiSandbox PaaS 22.2 all versions, FortiSandbox PaaS 22.1 all versions, FortiSandbox PaaS 21.4 all versions, FortiSandbox PaaS 21.3 all versions, FortiSandbox PaaS 5.0.0 through 5.0.1, FortiSandbox PaaS 4.4.5 through 4.4.8 may allow an unauthenticated attacker to execute unauthorized code or commands via HTTP requests.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Fortinet ≫ Fortisandbox Version >= 4.4.0 < 4.4.9
Fortinet ≫ Fortisandbox Version >= 5.0.0 < 5.0.2
Fortinet ≫ Fortisandbox Cloud Version >= 5.0.2 < 5.0.6
Fortinet ≫ Fortisandbox Cloud Version >= 23.1.4245 <= 23.4.4374
Fortinet ≫ Fortisandbox Cloud Version24.1.4436
Fortinet ≫ Fortisandbox Paas Version >= 4.4.5 < 4.4.9
Fortinet ≫ Fortisandbox Paas Version >= 5.0.0 < 5.0.2
Fortinet ≫ Fortisandbox Paas Version >= 21.3.4055 <= 23.4.4374
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.05% | 0.153 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@fortinet.com | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.