Every CVE whose affected-product data names Fortinet Fortisandbox, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (59)
CVE-2026-26083 — CVSS 9.8 (critical): A missing authorization vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox Cloud…
CVE-2026-39813 — CVSS 9.8 (critical): A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8 may allow…
CVE-2026-25089 — CVSS 9.8 (critical): A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 5.0.0…
CVE-2026-39808 — CVSS 9.8 (critical): A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0…
CVE-2024-52961 — CVSS 8.8 (high): An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox 5.0.0…
CVE-2020-29011 — CVSS 8.8 (high): Instances of SQL Injection vulnerabilities in the checksum search and MTA-quarantine modules of FortiSandbox 3.2.0 through 3.2.2, and 3.1.0…
CVE-2024-31491 — CVSS 8.8 (high): A client-side enforcement of server-side security vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through…
CVE-2024-27778 — CVSS 8.8 (high): An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox 4.4.0…
CVE-2024-21756 — CVSS 8.8 (high): A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0…
CVE-2021-26097 — CVSS 8.8 (high): An improper neutralization of special elements used in an OS Command vulnerability in FortiSandbox 3.2.0 through 3.2.2, 3.1.0 through…
CVE-2024-21755 — CVSS 8.8 (high): A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0…
CVE-2025-52436 — CVSS 8.8 (high): An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet…
CVE-2022-27487 — CVSS 8.8 (high): A improper privilege management in Fortinet FortiSandbox version 4.2.0 through 4.2.2, 4.0.0 through 4.0.2 and before 3.2.3 and…
CVE-2024-54027 — CVSS 8.2 (high): A Use of Hard-coded Cryptographic Key vulnerability [CWE-321] in FortiSandbox version 4.4.6 and below, version 4.2.7 and below, version…
CVE-2023-41682 — CVSS 8.1 (high): A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 4.4.0, FortiSandbox…
CVE-2021-24010 — CVSS 8.1 (high): Improper limitation of a pathname to a restricted directory vulnerabilities in FortiSandbox 3.2.0 through 3.2.2, and 3.1.0 through 3.1.4…
CVE-2024-23671 — CVSS 8.1 (high): A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 4.4.0 through…
CVE-2024-45328 — CVSS 7.8 (high): An incorrect authorization vulnerability [CWE-863] in FortiSandbox 4.4.0 through 4.4.6 may allow a low priviledged administrator to execute…
CVE-2023-41843 — CVSS 7.5 (high): A improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 4.4.0 through…
CVE-2023-41681 — CVSS 7.5 (high): A improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 4.4.0 through…
CVE-2021-22124 — CVSS 7.5 (high): An uncontrolled resource consumption (denial of service) vulnerability in the login modules of FortiSandbox 3.2.0 through 3.2.2, 3.1.0…
CVE-2023-41680 — CVSS 7.5 (high): A improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 4.4.0 through…
CVE-2024-54018 — CVSS 7.2 (high): Multiple improper neutralization of special elements used in an OS Command vulnerabilities [CWE-78] in FortiSandbox before 4.4.5 allows a…
CVE-2025-53679 — CVSS 7.2 (high): An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] vulnerability in…
CVE-2025-53949 — CVSS 7.2 (high): An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] vulnerability in…
CVE-2024-27781 — CVSS 7.1 (high): An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 4.4.0…
CVE-2021-26105 — CVSS 6.8 (medium): A stack-based buffer overflow vulnerability (CWE-121) in the profile parser of FortiSandbox version 3.2.2 and below, version 3.1.4 and…
CVE-2024-27779 — CVSS 6.7 (medium): An insufficient session expiration vulnerability [CWE-613] in FortiSandbox FortiSandbox version 4.4.4 and below, version 4.2.6 and below…
CVE-2023-47540 — CVSS 6.7 (medium): An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0…
CVE-2023-47541 — CVSS 6.7 (medium): An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 4.4.0 through…
CVE-2026-25691 — CVSS 6.7 (medium): A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 5.0.0 through…
CVE-2022-27485 — CVSS 6.5 (medium): A improper neutralization of special elements used in an sql command ('sql injection') vulnerability [CWE-89] in Fortinet FortiSandbox…
CVE-2021-26096 — CVSS 6.4 (medium): Multiple instances of heap-based buffer overflow in the command shell of FortiSandbox before 4.0.0 may allow an authenticated attacker to…
CVE-2021-22125 — CVSS 6.3 (medium): An instance of improper neutralization of special elements in the sniffer module of FortiSandbox before 3.2.2 may allow an authenticated…
CVE-2020-29014 — CVSS 6.3 (medium): A concurrent execution using shared resource with improper synchronization ('race condition') in the command shell of FortiSandbox before…
CVE-2018-1356 — CVSS 6.1 (medium): A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiSandbox before 3.0 may allow an attacker to execute unauthorized code…
CVE-2022-26115 — CVSS 5.9 (medium): A use of password hash with insufficient computational effort vulnerability [CWE-916] in FortiSandbox before 4.2.0 may allow an attacker…
CVE-2024-31487 — CVSS 5.9 (medium): A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 4.4.0 through…
CVE-2020-29012 — CVSS 5.6 (medium): An insufficient session expiration vulnerability in FortiSandbox versions 3.2.1 and below may allow an attacker to reuse the unexpired…
CVE-2025-54353 — CVSS 5.4 (medium): An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet…
CVE-2025-61886 — CVSS 5.4 (medium): An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet…
CVE-2021-24014 — CVSS 5.4 (medium): Multiple instances of improper neutralization of input during web page generation vulnerabilities in FortiSandbox before 4.0.0 may allow an…
CVE-2022-22305 — CVSS 5.4 (medium): An improper certificate validation vulnerability [CWE-295] in FortiManager 7.0.1 and below, 6.4.6 and below; FortiAnalyzer 7.0.2 and below…
CVE-2020-29013 — CVSS 5.4 (medium): An improper input validation vulnerability in the sniffer interface of FortiSandbox before 3.2.2 may allow an authenticated attacker to…
CVE-2021-32591 — CVSS 5.3 (medium): A missing cryptographic steps vulnerability in the function that encrypts users' LDAP and RADIUS credentials in FortiSandbox before 4.0.1…
CVE-2021-26098 — CVSS 5.3 (medium): An instance of small space of random values in the RPC API of FortiSandbox before 4.0.0 may allow an attacker in possession of a few…
CVE-2025-46215 — CVSS 5.3 (medium): An Improper Isolation or Compartmentalization vulnerability [CWE-653] in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0…
CVE-2025-53608 — CVSS 4.8 (medium): An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet…
CVE-2026-39812 — CVSS 4.8 (medium): A improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 5.0.0 through…
CVE-2020-15939 — CVSS 4.3 (medium): An improper access control vulnerability (CWE-284) in FortiSandbox versions 3.2.1 and below and 3.1.4 and below may allow an authenticated…
CVE-2024-52960 — CVSS 4.3 (medium): A client-side enforcement of server-side security vulnerability [CWE-602] in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.6 and…
CVE-2024-54026 — CVSS 4.3 (medium): An improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiSandbox 4.4.0 through 4.4.6…
CVE-2024-31490 — CVSS 4.3 (medium): An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox…
CVE-2025-67685 — CVSS 3.8 (low): A Server-Side Request Forgery (SSRF) vulnerability [CWE-918] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.4, FortiSandbox 4.4…
CVE-2022-30305 — CVSS 3.7 (low): An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and…
CVE-2023-41836 — CVSS 3.5 (low): An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 4.4.0…
CVE-2023-41844 — CVSS 3.5 (low): A improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 4.4.0 through…
CVE-2023-45587 — CVSS 3.5 (low): An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 4.4.0…
CVE-2026-27316 — CVSS 2.7 (low): A insufficiently protected credentials vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4 all versions…