Print - 【Vulnerability Alert】Fortinet’s FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS contain a critical information security vulnerability (CVE-2026-26083)

【Vulnerability Alert】Fortinet’s FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS contain a critical information security vulnerability (CVE-2026-26083)

publish date : 2026-05-15 update date : 2026-05-15

Source: Ministry of education information & communication security contingency platform

"" "" ""


Publication Number	TACERT-ANA-2026051404051414	Publication Time	2026-05-14 16:57:15
Incident Type	ANA-Vulnerability Alert	Discovery Time	2026-05-14 16:57:15
Impact Level	Low
[Subject] 【Vulnerability Alert】Fortinet’s FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS contain a critical information security vulnerability (CVE-2026-26083)
[Content] Forwarded from TWCERTCC-200-202605-00000009 The web interfaces of Fortinet’s FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS contain a missing authorization vulnerability (CVE-2026-26083, CVSS: 9.8), which may allow unauthenticated attackers to execute unauthorized code or commands through HTTP requests. Information Sharing Level: WHITE (The information content is information that may be publicly disclosed)
[Affected Platform] FortiSandbox versions 5.0.0 to 5.0.1, FortiSandbox versions 4.4.0 to 4.4.8, all versions of FortiSandbox Cloud 24, all versions of FortiSandbox Cloud 23, FortiSandbox Cloud versions 5.0.2 to 5.0.5, all versions of FortiSandbox PaaS 23.4, all versions of FortiSandbox PaaS 23.3, all versions of FortiSandbox PaaS 23.1, all versions of FortiSandbox PaaS 22.2, all versions of FortiSandbox PaaS 22.1, all versions of FortiSandbox PaaS 21.4, all versions of FortiSandbox PaaS 21.3, FortiSandbox PaaS versions 5.0.0 to 5.0.1, FortiSandbox PaaS versions 4.45 to 4.4.8
[Recommended Actions] Please update to the following versions: FortiSandbox 5.0.2 (inclusive) or later versions, FortiSandbox 4.4.9 (inclusive) or later versions, FortiSandbox Cloud 5.0.6 (inclusive) or later versions, FortiSandbox PaaS 5.0.2 (inclusive) or later versions, FortiSandbox PaaS 4.4.9 (inclusive) or later versions
[Reference]

(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw

Organizer: Computer Center