Fortinet Fortisandboxpaas
By the Year
In 2026 there have been 7 vulnerabilities in Fortinet Fortisandboxpaas with an average score of 6.1 out of ten.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 7 | 6.11 |
It may take a day or so for new Fortisandboxpaas vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Fortinet Fortisandboxpaas Security Vulnerabilities
FortiSandbox auth bypass in 4.4/5.0.x series
CVE-2026-26083
9.1 - Critical
- May 12, 2026
A missing authorization vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox Cloud 5.0.2 through 5.0.5, FortiSandbox PaaS 23.4 all versions, FortiSandbox PaaS 23.3 all versions, FortiSandbox PaaS 23.1 all versions, FortiSandbox PaaS 22.2 all versions, FortiSandbox PaaS 22.1 all versions, FortiSandbox PaaS 21.4 all versions, FortiSandbox PaaS 21.3 all versions, FortiSandbox PaaS 5.0.0 through 5.0.1, FortiSandbox PaaS 4.4.5 through 4.4.8 may allow an unauthenticated attacker to execute unauthorized code or commands via HTTP requests.
AuthZ
FortiSandbox 5.0.0-5.0.4 XSS via Input in Web Page Gen (CWE-79)
CVE-2025-61886
4.9 - Medium
- April 14, 2026
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] in Fortinet FortiSandbox 5.0.0 through 5.0.4, FortiSandbox PaaS 5.0.0 through 5.0.4 may allow an attacker to perform an XSS attack via crafted HTTP requests.
XSS
FortiSandbox XSS in Web Page Generation (5.0.5)
CVE-2026-39812
4.3 - Medium
- April 14, 2026
An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox PaaS 5.0.0 through 5.0.5, FortiSandbox PaaS 4.4.0 through 4.4.8, FortiSandbox PaaS 4.2 all versions may allow an attacker to execute unauthorized code or commands via <insert attack vector here>
XSS
FortiSandbox 4.2-5.0.5 Path Traversal Enables Privileged Directory Delete via CLI
CVE-2026-25691
6.2 - Medium
- April 14, 2026
An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4, FortiSandbox PaaS 5.0.4 may allow a privileged attacker with super-admin profile and CLI access to delete an arbitrary directory via crafted HTTP requests.
Directory traversal
Fortinet FortiSandbox 4.4-5.0.5 LDAP cred leak via client-side inspection
CVE-2026-27316
2.5 - Low
- April 14, 2026
An insufficiently protected credentials vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4 all versions, FortiSandbox PaaS 5.0.1 through 5.0.5 may allow an authenticated administrator to read LDAP server credentials via client-side inspection.
Insufficiently Protected Credentials
FortiSandbox 4.4.0-4.4.8 OS Command Injection Vulnerability
CVE-2026-39808
9.1 - Critical
- April 14, 2026
An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow an attacker to execute unauthorized code or commands via <insert attack vector here>
Shell injection
FortiSandbox Cloud 5.0.4 OS Command Injection via HTTP (RTD)
CVE-2026-25836
6.7 - Medium
- March 10, 2026
An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox Cloud 5.0.4, FortiSandbox PaaS 5.0.4 may allow a privileged attacker with super-admin profile and CLI access to execute unauthorized code or commands via crafted HTTP requests.
Shell injection