【Vulnerability Alert】Critical Security Vulnerability in Fortinet FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS (CVE-2026-26083)

• Subject: 【Vulnerability Alert】Critical Security Vulnerability in Fortinet FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS (CVE-2026-26083)

• Description:
  • Forwarded from Taiwan Computer Emergency Response Team / Coordination Center Security Advisory TWCERTCC-200-202605-00000009
  • A missing authentication vulnerability (CVE-2026-26083, CVSS: 9.8) exists in the web interface of Fortinet's FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS. This may allow an unauthenticated attacker to execute unauthorized code or commands via HTTP requests.
• Affected Platforms:
  • FortiSandbox versions 5.0.0 to 5.0.1, FortiSandbox versions 4.4.0 to 4.4.8, all versions of FortiSandbox Cloud 24, all versions of FortiSandbox Cloud 23, FortiSandbox Cloud versions 5.0.2 to 5.0.5, all versions of FortiSandbox PaaS 23.4, 23.3, 23.1, 22.2, 22.1, 21.4, 21.3, FortiSandbox PaaS versions 5.0.0 to 5.0.1, and FortiSandbox PaaS versions 4.4.5 to 4.4.8
• Recommended Actions:
  • Please update to the following versions: FortiSandbox version 5.0.2 and later, FortiSandbox version 4.4.9 and later, FortiSandbox Cloud version 5.0.6 and later, FortiSandbox PaaS version 5.0.2 and later, FortiSandbox PaaS version 4.4.9 and later

Computer and Communication Center
Network Systems Division