PT-2026-58073 · Fortinet · Fortisandbox

Published

2026-07-14

·

Updated

2026-07-14

·

CVE-2026-59835

CVSS v3.1

8.6

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Name of the Vulnerable Software and Affected Versions FortiSandbox versions 5.0.0 through 5.0.2 FortiSandbox versions 4.4.3 through 4.4.8
Description An exposure of resource to wrong sphere issue allows an unauthenticated attacker to access the VNC server of virtual machines performing scanning via crafted network requests. This flaw enables access without credentials or user interaction, potentially leading to the exposure of sensitive sandbox data.
Recommendations Update FortiSandbox versions 5.0.0 through 5.0.2 to version 5.0.3 or later. Update FortiSandbox versions 4.4.3 through 4.4.8 to version 4.4.9 or later.

Fix

Exposure of Resource to Wrong Sphere

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-59835

Affected Products

Fortisandbox