19 matches found
CVE-2026-25089
An improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4 through 5.0.5, FortiSandbox PaaS 5.0.4 through 5.0.5 may...
CVE-2026-27316
An insufficiently protected credentials vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4 all versions, FortiSandbox PaaS 5.0.1 through 5.0.5 may allow an authenticated administrator to read LDAP server credentials via client-side inspection...
PT-2026-40115
Name of the Vulnerable Software and Affected Versions: FortiSandbox versions 5.0.0 through 5.0.1; FortiSandbox versions 4.4.0 through 4.4.8; FortiSandbox Cloud versions 5.0.2 through 5.0.5; FortiSandbox PaaS version 23.4; FortiSandbox PaaS version 23.3; FortiSandbox PaaS version 23.1; FortiSandbox PaaS...
EUVD-2026-22331
An improper limitation of a pathname to a restricted directory 'path traversal' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4, FortiSandbox PaaS 5.0.4 may allow a privileged attacker with...
CVE-2025-61886
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability CWE-79 vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.4, FortiSandbox PaaS 5.0.0 through 5.0.4 may allow an attacker to perform an XSS attack via crafted HTTP requests...
CVE-2025-53608
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability CWE-79 vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated privileg...
CVE-2026-25836
An improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet FortiSandbox Cloud 5.0.4, FortiSandbox PaaS 5.0.4 may allow a privileged attacker with super-admin profile and CLI access to execute unauthorized code or commands via crafted HTTP...
CVE-2025-53608
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability CWE-79 vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated privileg...
CVE-2025-53608
CVE-2025-53608 is a cross-site scripting (CWE-79) vulnerability in Fortinet FortiSandbox affecting multiple branches: FortiSandbox 5.0.0–5.0.2, 4.4.0–4.4.7, 4.2 all versions, and 4.0 all versions. The issue arises from improper neutralization of input during web page generation, allowing an authe...
CVE-2025-52436
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability CWE-79 vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an unauthenticated attack...
EUVD-2025-202269
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability CWE-79 vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an attacker to perform an...
CVE-2025-53949
An Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability CWE-78 vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated...
CVE-2025-46215
An Improper Isolation or Compartmentalization vulnerability CWE-653 in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an unauthenticated attacker to evade the sandboxing scan via a crafted file...
CVE-2024-54027
A Use of Hard-coded Cryptographic Key vulnerability CWE-321 in FortiSandbox version 4.4.6 and below, version 4.2.7 and below, version 4.0.5 and below, version 3.2.4 and below, version 3.1.5 and below, version 3.0.7 to 3.0.5 may allow a privileged attacker with super-admin profile and CLI access t...
The vulnerability of the CLI component of the FortiSandbox threat detection and mitigation system allows a perpetrator to elevate their privileges.
The vulnerability of the CLI component of the FortiSandbox threat detection and mitigation system is related to deficiencies in the authentication mechanism. Exploiting this vulnerability can allow attackers to increase their privileges...
CVE-2024-21755
An improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.3, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4 allows an attacker to execute unauthorized code or commands via crafted requests...
PT-2024-3041 · Fortinet · Fortisandbox
Name of the Vulnerable Software and Affected Versions: Fortinet FortiSandbox versions 4.0.0 through 4.0.4; Fortinet FortiSandbox versions 4.2.0 through 4.2.6; Fortinet FortiSandbox versions 4.4.0 through 4.4.3. Description: The issue is related to an improper limitation of a pathname to a restricted...
PT-2024-3548 · Fortinet · Fortisandbox
Name of the Vulnerable Software and Affected Versions: Fortinet FortiSandbox versions 2.4.0 through 2.4.1; Fortinet FortiSandbox versions 2.5.0 through 2.5.2; Fortinet FortiSandbox versions 3.0.0 through 3.0.7; Fortinet FortiSandbox versions 3.1.0 through 3.1.5; Fortinet FortiSandbox versions 3.2.0...
CVE-2021-32591
A missing cryptographic steps vulnerability in the function that encrypts users' LDAP and RADIUS credentials in FortiSandbox before 4.0.1, FortiWeb before 6.3.12, FortiADC before 6.2.1, FortiMail 7.0.1 and earlier may allow an attacker in possession of the password store to compromise the...