Fortinet Fortisandboxpaas
By the Year
In 2026 there have been 5 vulnerabilities in Fortinet Fortisandboxpaas with an average score of 5.4 out of ten.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 5 | 5.40 |
It may take a day or so for new Fortisandboxpaas vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Fortinet Fortisandboxpaas Security Vulnerabilities
FortiSandbox 5.0.0-5.0.4 XSS via Input in Web Page Gen (CWE-79)
CVE-2025-61886
4.9 - Medium
- April 14, 2026
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] in Fortinet FortiSandbox 5.0.0 through 5.0.4, FortiSandbox PaaS 5.0.0 through 5.0.4 may allow an attacker to perform an XSS attack via crafted HTTP requests.
XSS
FortiSandbox XSS in Web Page Generation (5.0.5)
CVE-2026-39812
4.3 - Medium
- April 14, 2026
An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox PaaS 5.0.0 through 5.0.5, FortiSandbox PaaS 4.4.0 through 4.4.8, FortiSandbox PaaS 4.2 all versions may allow an attacker to execute unauthorized code or commands via <insert attack vector here>
XSS
FortiSandbox 4.2-5.0.5 Path Traversal Enables Privileged Directory Delete via CLI
CVE-2026-25691
6.2 - Medium
- April 14, 2026
An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4, FortiSandbox PaaS 5.0.4 may allow a privileged attacker with super-admin profile and CLI access to delete an arbitrary directory via crafted HTTP requests.
Directory traversal
Fortinet FortiSandbox 4.4-5.0.5 LDAP cred leak via client-side inspection
CVE-2026-27316
2.5 - Low
- April 14, 2026
An insufficiently protected credentials vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4 all versions, FortiSandbox PaaS 5.0.1 through 5.0.5 may allow an authenticated administrator to read LDAP server credentials via client-side inspection.
Insufficiently Protected Credentials
FortiSandbox 4.4.0-4.4.8 OS Command Injection Vulnerability
CVE-2026-39808
9.1 - Critical
- April 14, 2026
An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow an attacker to execute unauthorized code or commands via <insert attack vector here>
Shell injection