Fortinet FortiSandbox - Command Injection

Fortinet FortiSandbox 4.4.0 through 4.4.8 contains a command injection caused by improper neutralization of special elements in OS commands, letting attackers execute unauthorized code or commands, exploit requires crafted input. id: CVE-2026-39808 info: name: Fortinet FortiSandbox - Command...

CVE-2026-39812

A improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox PaaS 5.0.0 through 5.0.5, FortiSandbox PaaS 4.4.0 through 4.4.8,...

CVE-2025-53680

creationtimestamp| type| source ---|---|--- 2026-05-14 00:08:08+00:00| seen| https://ccb.belgium.be/advisories/warning-multiple-critical-high-and-medium-vulnerabilities-fortinet-fortisandbox-fortios...

CVE-2025-67604

creationtimestamp| type| source ---|---|--- 2026-05-14 00:08:08+00:00| seen| https://ccb.belgium.be/advisories/warning-multiple-critical-high-and-medium-vulnerabilities-fortinet-fortisandbox-fortios...

CVE-2026-26083

A missing authorization vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox Cloud 5.0.2 through 5.0.5, FortiSandbox PaaS 23.4 all versions, FortiSandbox PaaS 23.3 all versions, FortiSandbox PaaS 23.1 all versions, FortiSandbox PaaS 22.2 all...

CVE-2026-39808

A improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow attacker to execute unauthorized code or commands via...

CVE-2026-25691

A improper limitation of a pathname to a restricted directory 'path traversal' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4, FortiSandbox PaaS 5.0.4 may allow a privileged attacker with...

CVE-2025-61886

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability CWE-79 vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.4, FortiSandbox PaaS 5.0.0 through 5.0.4 may allow an attacker to perform an XSS attack via crafted HTTP requests...

CVE-2026-39813

Fortinet FortiSandbox contains a path traversal vulnerability (CVE-2026-39813) that affects FortiSandbox 5.0.0–5.0.5 and 4.4.0–4.4.8. The issue arises from a path traversal flaw ("../filedir"), enabling escalation of privilege. CVSS v3.1: 9.8 (CRITICAL), NETWORK attack vector, no user interaction...

CVE-2025-61886

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability CWE-79 vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.4, FortiSandbox PaaS 5.0.0 through 5.0.4 may allow an attacker to perform an XSS attack via crafted HTTP requests...

CVE-2026-39812

FortiSandbox (Fortinet) and FortiSandbox PaaS versions 5.0.0–5.0.5, 4.4.0–4.4.8, and 4.2 all versions are affected by CVE-2026-39812. The issue is an improper neutralization of input during web page generation (XSS) that may allow an attacker to execute unauthorized code or commands via an unspec...

CVE-2026-25691

The CVE-2026-25691 issue affects Fortinet FortiSandbox family (FortiSandbox 5.0.0–5.0.5; 4.4.0–4.4.8; 4.2 all versions; FortiSandbox Cloud 5.0.4; FortiSandbox PaaS 5.0.4). A path traversal vulnerability in the HTTP interface may allow a privileged attacker with a super-admin profile and CLI acces...

CVE-2026-25691

A improper limitation of a pathname to a restricted directory 'path traversal' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4, FortiSandbox PaaS 5.0.4 may allow a privileged attacker with...

CVE-2026-27316

A insufficiently protected credentials vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4 all versions, FortiSandbox PaaS 5.0.1 through 5.0.5 may allow an authenticathed administrator to read LDAP server credentials via client-side inspection...

Fortinet FortiSandbox 安全漏洞

Fortinet FortiSandbox is an APT Advanced Persistent Threat protection device developed by the American company Fortinet. This device offers features such as dual sandbox technology, dynamic threat intelligence systems, real-time control panels, and reporting capabilities. Versions 5.0.0 to 5.0.5,...

EUVD-2025-208489

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability CWE-79 vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated privileg...

CVE-2025-53608

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability CWE-79 vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated privileg...

CVE-2025-53608

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability CWE-79 vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated privileg...

CVE-2025-52436

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability CWE-79 vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an unauthenticated attack...

CVE-2025-52436

Fortinet FortiSandbox contains an input handling flaw (CWE-79) that permits an unauthenticated attacker to execute commands via crafted requests, across FortiSandbox 4.0–4.7.x and 5.0.0–5.0.1. The description notes Cross-site Scripting as the underlying issue and lists impacted versions; no remed...