CVE 9.1 CRITICAL

CVE-2026-26083_CVE-2026-26083

May 12, 2026 invoker category_cve
9.1 / 10
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

Description

A missing authorization vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox Cloud 5.0.2 through 5.0.5, FortiSandbox PaaS 23.4 all versions, FortiSandbox PaaS 23.3 all versions, FortiSandbox PaaS 23.1 all versions, FortiSandbox PaaS 22.2 all versions, FortiSandbox PaaS 22.1 all versions, FortiSandbox PaaS 21.4 all versions, FortiSandbox PaaS 21.3 all versions, FortiSandbox PaaS 5.0.0 through 5.0.1, FortiSandbox PaaS 4.4.5 through 4.4.8 may allow an unauthenticated attacker to execute unauthorized code or commands via HTTP requests.

Basic Information

ID CVE-2026-26083
Source fortinet
Published May 12, 2026 at 16:54

Affected Product

Vendor Fortinet
Product FortiSandbox Cloud
Version 5.0.0
Affected Versions Fortinet FortiSandbox Cloud 5.0.0
Fortinet FortiSandbox Cloud 4.4.5
Fortinet FortiSandbox 5.0.0
Fortinet FortiSandbox 4.4.0
Fortinet FortiSandbox 4.2.1
Fortinet FortiSandbox PaaS 23.4.4374
Fortinet FortiSandbox PaaS 23.4.4350
Fortinet FortiSandbox PaaS 23.3.4329
Fortinet FortiSandbox PaaS 23.1.4245
Fortinet FortiSandbox PaaS 22.2.4151
Fortinet FortiSandbox PaaS 22.2.4134
Fortinet FortiSandbox PaaS 22.1.4113
Fortinet FortiSandbox PaaS 21.4.4072
Fortinet FortiSandbox PaaS 21.3.4055
Fortinet FortiSandbox PaaS 5.0.0
Fortinet FortiSandbox PaaS 4.4.5

CWE Classification

CWE-862

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.