Skip to main content

FortiSandbox CVE-2026-59835

| EUVDEUVD-2026-43710 HIGH
Exposure of Resource to Wrong Sphere (CWE-668)
2026-07-14 fortinet GHSA-8fjf-5954-r8w4
8.6
CVSS 3.1 · Vendor: fortinet
Share

Severity by source

Vendor (fortinet) PRIMARY
8.6 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
vuln.today AI
8.6 HIGH

Unauthenticated network access to an exposed VNC service (AV:N/AC:L/PR:N) yields high confidentiality exposure of analysis sessions with limited integrity/availability impact via possible VM interaction.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (fortinet).

CVSS VectorVendor: fortinet

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
Low

Lifecycle Timeline

6
Analysis Updated
Jul 14, 2026 - 16:50 vuln.today
v3 (cvss_changed)
Analysis Updated
Jul 14, 2026 - 16:48 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jul 14, 2026 - 16:22 vuln.today
cvss_changed
CVSS changed
Jul 14, 2026 - 16:22 NVD
7.7 (HIGH) 8.6 (HIGH)
Analysis Generated
Jul 14, 2026 - 16:03 vuln.today
CVE Published
Jul 14, 2026 - 15:12 cve.org
HIGH 7.7

DescriptionCVE.org

A exposure of resource to wrong sphere vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.3 through 4.4.8 may allow an unauthenticated attacker to access the VNC server of VMs performing scanning via network requests.

AnalysisAI

Exposure of a scanning VM's VNC service in Fortinet FortiSandbox 5.0.0-5.0.2 and 4.4.3-4.4.8 lets an unauthenticated remote attacker reach the VNC server of the sandbox virtual machines used for malware detonation via ordinary network requests. Because these VMs run and observe live malware samples, unauthorized VNC access can expose sensitive analysis sessions and potentially allow interaction with the detonation environment. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach FortiSandbox on network
Delivery
Connect to exposed scanning-VM VNC
Exploit
Access detonation VM session
Execution
Observe/interact with sandbox
Impact
Disclose sensitive analysis data

Vulnerability AssessmentAI

Exploitation The exploit requires an attacker to have a network path to the FortiSandbox appliance's exposed VNC service belonging to the scanning VMs, and the appliance must be running an affected build (5.0.0-5.0.2 or 4.4.3-4.4.8). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The supplied CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L, base 8.6) indicates a low-complexity, network-reachable, unauthenticated attack with high confidentiality impact and lesser integrity/availability impact - a genuinely serious exposure if the appliance's VNC path is reachable from an attacker-controlled network. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with network reachability to a FortiSandbox appliance sends crafted network requests to connect directly to the VNC server backing a scanning VM, without any credentials. Once connected, they can observe the live malware-detonation desktop session and potentially interact with the analysis environment, harvesting sensitive sample data or tampering with the sandbox verdict. …
Remediation Patch available per vendor advisory FG-IR-26-145 (https://fortiguard.fortinet.com/psirt/FG-IR-26-145) - upgrade FortiSandbox to a fixed release above the affected 5.0.2 and 4.4.8 branches as directed by Fortinet; the input data does not include an exact fixed version number, so confirm the target build directly from the advisory. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, inventory all FortiSandbox instances running versions 4.4.3-4.4.8 or 5.0.0-5.0.2 and document current network exposure and usage patterns. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-39813 CRITICAL POC
9.8 Apr 14

Path traversal in Fortinet FortiSandbox 4.4.0-4.4.8 and 5.0.0-5.0.5 enables remote unauthenticated attackers to achieve

CVE-2026-26083 CRITICAL
9.8 May 12

Remote code execution in Fortinet FortiSandbox 4.4.x through 5.0.x (on-premises, Cloud, and PaaS deployments) allows una

CVE-2025-52436 HIGH
8.8 Feb 10

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerabi

CVE-2024-31491 HIGH
8.8 May 14

A client-side enforcement of server-side security vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandb

CVE-2024-21756 HIGH
8.8 Apr 09

A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet F

CVE-2024-21755 HIGH
8.8 Apr 09

A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet F

CVE-2021-26096 HIGH
8.8 Aug 04

Multiple instances of heap-based buffer overflow in the command shell of FortiSandbox before 4.0.0 may allow an authenti

CVE-2021-26097 HIGH
8.8 Aug 04

An improper neutralization of special elements used in an OS Command vulnerability in FortiSandbox 3.2.0 through 3.2.2,

CVE-2024-27781 HIGH
7.1 Feb 11

An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiS

CVE-2024-54027 HIGH
8.2 Mar 17

A Use of Hard-coded Cryptographic Key vulnerability [CWE-321] in FortiSandbox version 4.4.6 and below, version 4.2.7 and

CVE-2024-23671 HIGH
8.1 Apr 09

A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox

CVE-2023-41682 HIGH
7.5 Oct 13

A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox

Share

CVE-2026-59835 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy