CVEDB API

Vulnerabilities

Vulnerable Software

Fortinet: >> Fortisandbox >> 4.4.9 Security Vulnerabilities

CVE-2026-39808

A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow attacker to execute unauthorized code or commands via <insert attack vector here>

CVSS Score

9.8

EPSS Score

0.113

Published

2026-04-14

CVE-2026-27316

A insufficiently protected credentials vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4 all versions, FortiSandbox PaaS 5.0.1 through 5.0.5 may allow an authenticathed administrator to read LDAP server credentials via client-side inspection.

CVSS Score

2.7

EPSS Score

0.0

Published

2026-04-14

CVE-2025-67685

A Server-Side Request Forgery (SSRF) vulnerability [CWE-918] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.4, FortiSandbox 4.4 all versions, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated attacker to proxy internal requests limited to plaintext endpoints only via crafted HTTP requests.

CVSS Score

3.8

EPSS Score

0.0

Published

2026-01-13

Page 1

Vulnerabilities

Vulnerable Software

Fortinet: >> Fortisandbox >> 4.4.9 Security Vulnerabilities

Products

Pricing

Contact Us