CVEDB API

Vulnerabilities

Vulnerable Software

Fortinet: >> Fortisandbox >> 5.0.3 Security Vulnerabilities

CVE-2026-39812

A improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox PaaS 5.0.0 through 5.0.5, FortiSandbox PaaS 4.4.0 through 4.4.8, FortiSandbox PaaS 4.2 all versions may allow attacker to execute unauthorized code or commands via <insert attack vector here>

CVSS Score

4.8

EPSS Score

0.0

Published

2026-04-14

CVE-2026-39813

A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8 may allow attacker to escalation of privilege via <insert attack vector here>

CVSS Score

9.8

EPSS Score

0.001

Published

2026-04-14

CVE-2026-25691

A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4, FortiSandbox PaaS 5.0.4 may allow a privileged attacker with super-admin profile and CLI access to delete an arbitrary directory via HTTP crafted requests.

CVSS Score

6.7

EPSS Score

0.001

Published

2026-04-14

CVE-2026-27316

A insufficiently protected credentials vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4 all versions, FortiSandbox PaaS 5.0.1 through 5.0.5 may allow an authenticathed administrator to read LDAP server credentials via client-side inspection.

CVSS Score

2.7

EPSS Score

0.0

Published

2026-04-14

CVE-2025-61886

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.4, FortiSandbox PaaS 5.0.0 through 5.0.4 may allow an attacker to perform an XSS attack via crafted HTTP requests.

CVSS Score

5.4

EPSS Score

0.0

Published

2026-04-14

CVE-2025-67685

A Server-Side Request Forgery (SSRF) vulnerability [CWE-918] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.4, FortiSandbox 4.4 all versions, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated attacker to proxy internal requests limited to plaintext endpoints only via crafted HTTP requests.

CVSS Score

3.8

EPSS Score

0.0

Published

2026-01-13

Page 1

Vulnerabilities

Vulnerable Software

Fortinet: >> Fortisandbox >> 5.0.3 Security Vulnerabilities

Products

Pricing

Contact Us