
Fortinet FortiSandbox PaaS vulnerabilities

7 known vulnerabilities affecting fortinet/fortisandbox_paas.

Total CVEs: 7
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 1, MEDIUM 3, LOW 1

Vulnerabilities

CVE-2026-26083 | CRITICAL | CVSS 9.8 | ≥ 4.4.5, < 4.4.9; ≥ 5.0.0, < 5.0.2; +12 more | 2026-05-12
CWE-862: A missing authorization vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox Cloud 5.0.2 through 5.0.5, FortiSandbox PaaS 23.4 all versions, FortiSandbox PaaS 23.3 all versions, FortiSandbox PaaS 23.1 all versions, FortiSandbox PaaS 22.2 all versions, FortiSandbox PaaS 22.1 all versions, FortiS
Source: NVD
CVE-2026-39808 | CRITICAL | CVSS 9.8 | PoC | v23.4.4374, v23.4.4350, +7 more | 2026-04-14
CWE-78: An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow an attacker to execute unauthorized code or commands via
Source: NVD
CVE-2026-39812 | MEDIUM | CVSS 4.8 | ≥ 5.0.0, ≤ 5.0.5; ≥ 4.4.0, ≤ 4.4.8; +1 more | 2026-04-14
CWE-79: An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox PaaS 5.0.0 through 5.0.5, FortiSandbox PaaS 4.4.0 through 4.4.8, FortiSandbox PaaS 4.2 all versions may allow an attacker to execu
Source: NVD
CVE-2025-61886 | MEDIUM | CVSS 5.4 | ≥ 5.0.0, ≤ 5.0.4 | 2026-04-14
CWE-79: An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] in Fortinet FortiSandbox 5.0.0 through 5.0.4, FortiSandbox PaaS 5.0.0 through 5.0.4 may allow an attacker to perform an XSS attack via crafted HTTP requests.
Source: NVD
CVE-2026-25691 | MEDIUM | CVSS 6.7 | v5.0.4 | 2026-04-14
CWE-22: An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4, FortiSandbox PaaS 5.0.4 may allow a privileged attacker with super-admin profile and CLI access to delete an arbitrary d
Source: NVD
CVE-2026-27316 | LOW | CVSS 2.7 | v23.4.4374, v23.4.4350, +8 more | 2026-04-14
CWE-522: An insufficiently protected credentials vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4 all versions, FortiSandbox PaaS 5.0.1 through 5.0.5 may allow an authenticated administrator to read LDAP server credentials via client-side inspection.
Source: NVD
CVE-2026-25836 | HIGH | CVSS 7.2 | v5.0.4 | 2026-03-10
CWE-78: An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiSandbox Cloud 5.0.4, FortiSandbox PaaS 5.0.4 may allow a privileged attacker with super-admin profile and CLI access to execute unauthorized code or commands via crafted HTTP requests.
Source: NVD