Fortinet FortiSandbox 4.4-5.0.5 LDAP cred leak via client-side inspection
CVE-2026-27316 Published on April 14, 2026
A insufficiently protected credentials vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4 all versions, FortiSandbox PaaS 5.0.1 through 5.0.5 may allow an authenticathed administrator to read LDAP server credentials via client-side inspection.
Vulnerability Analysis
CVE-2026-27316 is exploitable with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.
Weakness Type
Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Products Associated with CVE-2026-27316
stack.watch emails you whenever new vulnerabilities are published in Fortinet Fortisandbox or Fortinet Fortisandboxpaas. Just hit a watch button to start following.
Affected Versions
Fortinet FortiSandbox:- Version 5.0.0, <= 5.0.5 is affected.
- Version 4.4.0, <= 4.4.9 is affected.
- Version 23.4.4374 is affected.
- Version 23.4.4350 is affected.
- Version 23.3.4329 is affected.
- Version 23.1.4245 is affected.
- Version 22.2.4151 is affected.
- Version 22.2.4134 is affected.
- Version 22.1.4113 is affected.
- Version 21.4.4072 is affected.
- Version 21.3.4055 is affected.
- Version 5.0.1, <= 5.0.5 is affected.