Fortinet Fortisandbox Cloud vulnerabilities
3 known vulnerabilities affecting fortinet/fortisandbox_cloud.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH3
Vulnerabilities
Page 1 of 1
CVE-2026-25836HIGHCVSS 7.2v5.0.42026-03-10
CVE-2026-25836 [HIGH] CWE-78 CVE-2026-25836: An improper neutralization of special elements used in an os command ('os command injection') vulner
An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox Cloud 5.0.4 may allow a privileged attacker with super-admin profile and CLI access to execute unauthorized code or commands via crafted HTTP requests.
cvelistv5nvd
CVE-2025-53679HIGHCVSS 7.2≥ 23.1.4245, < 23.4.4374v24.1.4436+2 more2025-12-09
CVE-2025-53679 [HIGH] CWE-78 CVE-2025-53679: An improper neutralization of special elements used in an OS command ('OS Command Injection') vulner
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions, FortiSandbox Cloud 24.1, FortiSandbox Cloud 23 all versions allows a remote privi
cvelistv5nvd
CVE-2024-54026HIGHCVSS 8.8v24.12025-03-11
CVE-2024-54026 [MEDIUM] CWE-89 CVE-2024-54026: An improper neutralization of special elements used in an sql command ('sql injection') in Fortinet
An improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiSandbox 4.4.0 through 4.4.6, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0 all versions, FortiSandbox Cloud 24.1 allows attacker to execute unauthorized
cvelistv5nvd