Volerion logoVolerion
Volerion logoVolerion

Fortinet FortiSandbox Missing Authorization Vulnerability Allowing Unauthenticated Code Execution

Vulnerability

A missing authorization vulnerability has been identified in multiple Fortinet FortiSandbox products, including FortiSandbox 5.0 (versions 5.0.0 through 5.0.1), FortiSandbox 4.4 (versions 4.4.0 through 4.4.8), FortiSandbox Cloud 5.0 (versions 5.0.2 through 5.0.5), and various FortiSandbox PaaS releases. This vulnerability may allow an unauthenticated attacker to execute unauthorized code or commands via HTTP requests.

Impact

Exploitation of this vulnerability could lead to unauthorized code execution or command execution on the affected system.

Remediation

Users of Fortinet FortiSandbox 5.0 should upgrade to version 5.0.2 or above. Users of Fortinet FortiSandbox 4.4 should upgrade to version 4.4.9 or above. FortiSandbox Cloud users should migrate to a fixed release. FortiSandbox PaaS users should migrate to a fixed release.

Added: May 12, 2026, 6:38 PM
Updated: May 12, 2026, 6:38 PM

Vulnerability Rating

Custom Algorithm
spread
2.6
impact
7.5
exploitability
7.0
remediation
7.7
relevance
8.2
threat
0.0
urgency
2.9
incentive
4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.