Fortinet

Fortisandbox Cloud

9 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2026-26083

Medienbericht
  • EPSS 0.05%
  • Veröffentlicht 12.05.2026 16:54:04
  • Zuletzt bearbeitet 15.05.2026 13:42:07

A missing authorization vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox Cloud 5.0.2 through 5.0.5, FortiSandbox PaaS 23.4 all versions, FortiSandbox PaaS 23.3 all versions, FortiSandbox PaaS ...

9.8

CVE-2026-39813

Medienbericht
  • EPSS 0.12%
  • Veröffentlicht 14.04.2026 15:38:30
  • Zuletzt bearbeitet 20.04.2026 19:11:30

A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8 may allow attacker to escalation of privilege via <insert attack vector here>

5.4

CVE-2025-61886

  • EPSS 0.03%
  • Veröffentlicht 14.04.2026 15:38:21
  • Zuletzt bearbeitet 22.04.2026 19:09:04

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.4, FortiSandbox PaaS 5.0.0 through 5.0.4 may allow an attacker to perform an XSS a...

4.8

CVE-2026-39812

  • EPSS 0.04%
  • Veröffentlicht 14.04.2026 15:38:18
  • Zuletzt bearbeitet 21.04.2026 17:12:33

A improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox PaaS 5.0.0 through 5.0.5,...

6.7

CVE-2026-25691

  • EPSS 0.06%
  • Veröffentlicht 14.04.2026 15:38:16
  • Zuletzt bearbeitet 22.04.2026 18:55:51

A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4, FortiSandbox PaaS ...

2.7

CVE-2026-27316

  • EPSS 0.04%
  • Veröffentlicht 14.04.2026 15:38:02
  • Zuletzt bearbeitet 22.04.2026 18:54:01

A insufficiently protected credentials vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4 all versions, FortiSandbox PaaS 5.0.1 through 5.0.5 may allow an authenticathed administrator to read LDAP server credentials via clie...

7.2

CVE-2026-25836

  • EPSS 0.05%
  • Veröffentlicht 10.03.2026 16:44:06
  • Zuletzt bearbeitet 12.05.2026 18:16:39

An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox Cloud 5.0.4, FortiSandbox PaaS 5.0.4 may allow a privileged attacker with super-admin profile and CLI access to exec...

7.2

CVE-2025-53679

  • EPSS 0.31%
  • Veröffentlicht 09.12.2025 17:19:51
  • Zuletzt bearbeitet 05.02.2026 16:58:45

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSan...

8.8

CVE-2024-54026

  • EPSS 0.32%
  • Veröffentlicht 11.03.2025 14:54:38
  • Zuletzt bearbeitet 14.01.2026 15:15:55

An improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiSandbox 4.4.0 through 4.4.6, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all ve...