CVE-2026-26083NVD

Description

A missing authorization vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox Cloud 5.0.2 through 5.0.5, FortiSandbox PaaS 23.4 all versions, FortiSandbox PaaS 23.3 all versions, FortiSandbox PaaS 23.1 all versions, FortiSandbox PaaS 22.2 all versions, FortiSandbox PaaS 22.1 all versions, FortiSandbox PaaS 21.4 all versions, FortiSandbox PaaS 21.3 all versions, FortiSandbox PaaS 5.0.0 through 5.0.1, FortiSandbox PaaS 4.4.5 through 4.4.8 may allow an unauthenticated attacker to execute unauthorized code or commands via HTTP requests.

Severity Level

CRITICAL (9.8)

Published Date

12/05/2026

Last Modified

15/05/2026

Exploitation Status

????

References

https://fortiguard.fortinet.com/psirt/FG-IR-26-136

Critical Alert 2 Active Exploits Detected Today

CVE Watchtower

CVE-2026-26083NVD

Description

References