Primary

Context

Fortinet FortiSandbox Cross-Site Scripting Vulnerability

Vulnerability

Patched

A cross-site scripting vulnerability has been identified in Fortinet FortiSandbox versions 5.0.0 through 5.0.1, 4.4.0 through 4.4.7, 4.2 (all versions), and 4.0 (all versions). This vulnerability allows an unauthenticated attacker to execute commands by sending crafted requests.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of code or commands.

Remediation

Users of Fortinet FortiSandbox should upgrade to version 5.0.2 or above if they are on FortiSandbox 5.0, or to version 4.4.8 or above if they are on FortiSandbox 4.4. For FortiSandbox 4.2 and 4.0, users should migrate to a fixed release.

Added: Feb 10, 2026, 4:18 PM

Updated: Feb 10, 2026, 4:18 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

3.8

exploitability

6.0

remediation

7.7

relevance

2.9

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

3.8

exploitability

6.0

remediation

7.7

relevance

2.9

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Fortinet FortiSandbox Cross-Site Scripting Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Fortinet FortiSandbox

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating