cbcvebase.
CVE-2026-26083
published 2026-05-12

CVE-2026-26083: A missing authorization vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox Cloud 5.0.2 through 5.0.5…

critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
A missing authorization vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox Cloud 5.0.2 through 5.0.5, FortiSandbox PaaS 23.4 all versions, FortiSandbox PaaS 23.3 all versions, FortiSandbox PaaS 23.1 all versions, FortiSandbox PaaS 22.2 all versions, FortiSandbox PaaS 22.1 all versions, FortiSandbox PaaS 21.4 all versions, FortiSandbox PaaS 21.3 all versions, FortiSandbox PaaS 5.0.0 through 5.0.1, FortiSandbox PaaS 4.4.5 through 4.4.8 may allow an unauthenticated attacker to execute unauthorized code or commands via HTTP requests.

Affected

24 ranges
VendorProductVersion rangeFixed in
fortinetfortisandbox4.2.1 – 4.2.8
fortinetfortisandbox>= 4.4.0 < 4.4.94.4.9
fortinetfortisandbox4.4.0 – 4.4.8
fortinetfortisandbox>= 5.0.0 < 5.0.25.0.2
fortinetfortisandbox5.0.0 – 5.0.1
fortinetfortisandbox_cloud
fortinetfortisandbox_cloud23.1.4245 – 23.4.4374
fortinetfortisandbox_cloud4.4.5 – 4.4.8
fortinetfortisandbox_cloud5.0.0 – 5.0.1
fortinetfortisandbox_cloud>= 5.0.2 < 5.0.65.0.6
fortinetfortisandbox_paas
fortinetfortisandbox_paas
fortinetfortisandbox_paas
fortinetfortisandbox_paas
fortinetfortisandbox_paas
fortinetfortisandbox_paas
fortinetfortisandbox_paas
fortinetfortisandbox_paas
fortinetfortisandbox_paas
fortinetfortisandbox_paas21.3.4055 – 23.4.4374
fortinetfortisandbox_paas>= 4.4.5 < 4.4.94.4.9
fortinetfortisandbox_paas4.4.5 – 4.4.8
fortinetfortisandbox_paas>= 5.0.0 < 5.0.25.0.2
fortinetfortisandbox_paas5.0.0 – 5.0.1