Fortinet Fortisandbox Cloud — known CVE vulnerabilities
Every CVE whose affected-product data names Fortinet Fortisandbox Cloud, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2026-26083 — CVSS 9.8 (critical): A missing authorization vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox Cloud…
CVE-2026-25089 — CVSS 9.8 (critical): A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 5.0.0…
CVE-2025-53679 — CVSS 7.2 (high): An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] vulnerability in…
CVE-2026-25836 — CVSS 7.2 (high): An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox Cloud…
CVE-2026-25691 — CVSS 6.7 (medium): A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 5.0.0 through…
CVE-2025-61886 — CVSS 5.4 (medium): An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet…
CVE-2026-39812 — CVSS 4.8 (medium): A improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 5.0.0 through…
CVE-2024-54026 — CVSS 4.3 (medium): An improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiSandbox 4.4.0 through 4.4.6…
CVE-2026-27316 — CVSS 2.7 (low): A insufficiently protected credentials vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4 all versions…