CVE-2026-27316

CWE-522Insufficiently Protected Credentials3 documents3 sources
Severity
2.7LOW
EPSS
No EPSS data
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet FortisandboxFortinet Fortisandbox Paas
Timeline
PublishedApr 14

Description

A insufficiently protected credentials vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4 all versions, FortiSandbox PaaS 5.0.1 through 5.0.5 may allow an authenticathed administrator to read LDAP server credentials via client-side inspection.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:NExploitability: 1.2 | Impact: 1.4

Affected Packages2 packages

CVEListV5fortinet/fortisandbox_paas5.0.15.0.5+9
CVEListV5fortinet/fortisandbox5.0.05.0.5+1

🔴Vulnerability Details

1
CVEList
CVE-2026-27316: A insufficiently protected credentials vulnerability in Fortinet FortiSandbox 52026-04-14

📋Vendor Advisories

1
Fortinet
Credential disclosure in LDAP configuration web page.2026-04-14
CVE-2026-27316 (LOW CVSS 2.7) | A insufficiently protected credenti | cvebase.io