PT-2026-58073 · Fortinet · Fortisandbox
Published
2026-07-14
·
Updated
2026-07-14
·
CVE-2026-59835
CVSS v3.1
8.6
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
FortiSandbox versions 5.0.0 through 5.0.2
FortiSandbox versions 4.4.3 through 4.4.8
Description
An exposure of resource to wrong sphere issue allows an unauthenticated attacker to access the VNC server of virtual machines performing scanning via crafted network requests. This flaw enables access without credentials or user interaction, potentially leading to the exposure of sensitive sandbox data.
Recommendations
Update FortiSandbox versions 5.0.0 through 5.0.2 to version 5.0.3 or later.
Update FortiSandbox versions 4.4.3 through 4.4.8 to version 4.4.9 or later.
Fix
Exposure of Resource to Wrong Sphere
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Fortisandbox