Fortinet Fortisandboxcloud
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Fortinet Fortisandboxcloud.
By the Year
In 2026 there have been 1 vulnerability in Fortinet Fortisandboxcloud with an average score of 6.7 out of ten. Last year, in 2025 Fortisandboxcloud had 2 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Fortisandboxcloud in 2026 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2026 is greater by 1.20.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 1 | 6.70 |
| 2025 | 2 | 5.50 |
It may take a day or so for new Fortisandboxcloud vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Fortinet Fortisandboxcloud Security Vulnerabilities
FortiSandbox Cloud 5.0.4 OS Command Injection via HTTP (RTD)
CVE-2026-25836
6.7 - Medium
- March 10, 2026
An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox Cloud 5.0.4 may allow a privileged attacker with super-admin profile and CLI access to execute unauthorized code or commands via crafted HTTP requests.
Shell injection
FortiSandbox 5.0.05.0.2 / <4.4.7 GUI OS Command Injection via HTTP(S)
CVE-2025-53679
6.9 - Medium
- December 09, 2025
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions, FortiSandbox Cloud 24.1, FortiSandbox Cloud 23 all versions allows a remote privileged attacker to execute unauthorized code or commands via crafted HTTP or HTTPS requests.
Shell injection
SQLi in FortiSandbox 3.0-4.4.6 (v23.4) via crafted HTTP
CVE-2024-54026
4.1 - Medium
- March 11, 2025
An improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiSandbox 4.4.0 through 4.4.6, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0 all versions, FortiSandbox Cloud 24.1 allows attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
SQL Injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Fortinet Fortisandboxcloud or by Fortinet? Click the Watch button to subscribe.
