Fortinet FortiSandbox Server-Side Request Forgery Vulnerability

Vulnerability

A Server-Side Request Forgery (SSRF) vulnerability has been identified in Fortinet FortiSandbox versions 5.0.0 through 5.0.4, as well as all versions of FortiSandbox 4.4, 4.2, and 4.0. By sending crafted HTTP requests, an authenticated attacker can proxy internal requests, limited to plaintext endpoints only.

Impact

Exploitation of this vulnerability could result in improper access control: an authenticated attacker could manipulate internal requests and potentially access restricted resources.

Remediation

Users of Fortinet FortiSandbox 5.0 should upgrade to version 5.0.5 or above. Users on FortiSandbox 4.4, 4.2, or 4.0 should migrate to a fixed release.
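The affected ranges and remediation above can be applied to an appliance inventory as a triage check. The following is an added example, not vendor code; the `host,version` inventory format, the hostnames and the sample version strings are constructed for illustration.

```python
import re

# Affected ranges exactly as stated in the advisory text above.
AFFECTED_ALL = {(4, 0), (4, 2), (4, 4)}   # every release on these branches
FIXED_5_0_PATCH = 5                        # 5.0.0-5.0.4 affected, 5.0.5+ fixed

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")

def classify(version_string):
    """Return (status, action) for a reported FortiSandbox version string."""
    m = VERSION_RE.search(version_string)
    if not m:
        return "unparsed", "check the version manually"
    major, minor, patch = map(int, m.groups())
    if (major, minor) in AFFECTED_ALL:
        return "affected", "migrate to a fixed release"
    if (major, minor) == (5, 0):
        if patch < FIXED_5_0_PATCH:
            return "affected", "upgrade to 5.0.5 or above"
        return "fixed", "none"
    # Branches the advisory does not mention are reported, not assumed safe.
    return "not-listed", "branch not covered by this advisory"

def triage(inventory_text):
    """Parse 'host,version' lines and return {host: (status, action)}."""
    results = {}
    for line in inventory_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, version = line.partition(",")
        results[host.strip()] = classify(version)
    return results

# Constructed sample inventory (hostnames and build suffix are made up).
SAMPLE = """
# host,reported version
fsa-dmz-01,FortiSandbox v5.0.4-build0123
fsa-core-01,5.0.5
fsa-lab-01,v4.4.7
fsa-old-01,4.2.0
fsa-new-01,3.2.1
fsa-bad-01,unknown
"""

if __name__ == "__main__":
    for host, (status, action) in triage(SAMPLE).items():
        print(f"{host:12} {status:10} {action}")
```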

Added: Jan 13, 2026, 5:26 PM
Updated: Jan 13, 2026, 5:26 PM

Vulnerability Rating

Custom Algorithm
spread: 2.6
impact: 0.6
exploitability: 4.9
remediation: 7.7
relevance: 2.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.