Vulnerability Description
A missing authorization vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox Cloud 5.0.2 through 5.0.5, FortiSandbox PaaS 23.4 all versions, FortiSandbox PaaS 23.3 all versions, FortiSandbox PaaS 23.1 all versions, FortiSandbox PaaS 22.2 all versions, FortiSandbox PaaS 22.1 all versions, FortiSandbox PaaS 21.4 all versions, FortiSandbox PaaS 21.3 all versions, FortiSandbox PaaS 5.0.0 through 5.0.1, FortiSandbox PaaS 4.4.5 through 4.4.8 may allow an unauthenticated attacker to execute unauthorized code or commands via HTTP requests.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | Fortisandbox | >= 4.4.0, < 4.4.9 |
| Fortinet | Fortisandbox Cloud | >= 5.0.2, < 5.0.6 |
| Fortinet | Fortisandbox Paas | >= 4.4.5, < 4.4.9 |
Related Weaknesses (CWE)
References
- https://fortiguard.fortinet.com/psirt/FG-IR-26-136Vendor Advisory
FAQ
What is CVE-2026-26083?
CVE-2026-26083 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A missing authorization vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox Cloud 5.0.2 through 5.0.5, FortiSandbox PaaS 23.4 all versions, Forti...
How severe is CVE-2026-26083?
CVE-2026-26083 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2026-26083?
Check the references section above for vendor advisories and patch information. Affected products include: Fortinet Fortisandbox, Fortinet Fortisandbox Cloud, Fortinet Fortisandbox Paas.