Critical Fortinet FortiSandbox Vulnerability Enables Code Execution Attacks

HomeCyber Security Critical Fortinet FortiSandbox Vulnerability Enables Code Execution Attacks By Guru Baran May 12, 2026 A critical security flaw in Fortinet’s FortiSandbox platform is putting enterprise networks at serious risk, allowing unauthenticated attackers to execute arbitrary code or commands remotely, with no credentials required. Fortinet disclosed the vulnerability on May 12, 2026, under the identifier CVE-2026-26083 (FG-IR-26-136), assigning it a CVSSv3 score of 9.1, placing it firmly in the critical severity tier. The flaw stems from a missing authorization vulnerability in the FortiSandbox Web UI, affecting the on-premises, cloud, and Platform-as-a-Service (PaaS) variants of the product. Fortinet FortiSandbox Vulnerability The vulnerability exists in the GUI component of FortiSandbox’s web interface. Because of the missing authorization check, a remote, unauthenticated attacker can craft malicious HTTP requests to trigger unauthorized code or command execution on the underlying system. With no authentication restriction and no user interaction required, the attack surface is dangerously broad, and the potential impact spans confidentiality, integrity, and availability. FortiSandbox is widely deployed in enterprise environments as a core malware analysis and threat detection tool. Compromising it doesn’t just expose a single asset; it potentially blinds an organization’s entire threat detection pipeline. Affected Versions The vulnerability impacts a wide range of FortiSandbox deployments: FortiSandbox 5.0: Versions 5.0.0–5.0.1 — upgrade to 5.0.2 or above FortiSandbox 4.4: Versions 4.4.0–4.4.8 — upgrade to 4.4.9 or above FortiSandbox Cloud 24 and 23: All versions — migrate to a fixed release FortiSandbox Cloud 5.0: Versions 5.0.2–5.0.5 — upgrade to 5.0.6 or above FortiSandbox PaaS 5.0: Versions 5.0.0–5.0.1 — upgrade to 5.0.2 or above FortiSandbox PaaS 4.4: Versions 4.4.5–4.4.8 — upgrade to 4.4.9 or above Multiple legacy FortiSandbox PaaS versions (23.4, 23.3, 23.1, 22.2, 22.1, 21.4, 21.3): All versions affected — migrate to a fixed release immediately Fortinet internally discovered and reported the flaw through researcher Adham El Karn of the Fortinet Product Security team. While the vulnerability has not been observed to be exploited in the wild as of publication, its unauthenticated nature and critical CVSS score make it a prime candidate for rapid weaponization. Security teams are strongly urged to apply the available patches without delay. Organizations running legacy FortiSandbox PaaS versions with no direct upgrade path must prioritize migration to a supported fixed release. Follow us on Google News, LinkedIn, and X to Get More Instant Updates. Tags cyber security cyber security news Copy URL Linkedin Twitter ReddIt Telegram Guru Baranhttps://cybersecuritynews.com Gurubaran KS is a cybersecurity analyst, and Journalist with a strong focus on emerging threats and digital defense strategies. He is the Co-Founder and Editor-in-Chief of Cyber Security News, where he leads editorial coverage on global cybersecurity developments. Trending News Ivanti Patches Multiple Vulnerabilities in Secure Access, Xtraction, vTM and Endpoint Manager SAP Patches Critical SQL injection Vulnerability in SAP S/4HANA Top 10 Best Interactive Malware Analysis Tools in 2026 New NWHStealer Delivery Chain Uses Bun Loader, Anti-VM Checks, and Encrypted C2 Hackers Use PlugX-Like DLL Sideloading Chain in Fake Claude Malware Campaign Latest News Cyber Security News Open WebUI Vulnerability via File Upload Leads to 1-Click RCE Attack Cyber Security News Ivanti Patches Multiple Vulnerabilities in Secure Access, Xtraction, vTM and Endpoint Manager ANY.RUN No Blind Spots: How Top MSSPs Prevent Incidents withLive Threat Visibility Cyber Security News Threat Actors Leverage Vercel’s AI Tools to Mass‑Produce Realistic Phishing Sites Cyber Security News Zoom Rooms and Workplace Vulnerabilities Allow Attackers to Escalate Privileges