threat
engine
.sh
Back
·
··:··
Home
/
Product
/
fortinet fortisandbox
Product
fortinet fortisandbox
58 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2026-26083
>= 4.4.0 and < 4.4.9
A missing authorization vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox
9.8
CRITICAL
CVE-2026-39813
>= 4.4.0 and < 4.4.9
A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8 may al
9.8
CRITICAL
CVE-2026-39812
>= 4.2.0 and <= 4.2.8
A improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 5.0.
4.8
MEDIUM
CVE-2026-39808
>= 4.4.0 and <= 4.4.9
A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbo
9.8
CRITICAL
CVE-2026-27316
>= 4.4.0 and < 5.0.6
A insufficiently protected credentials vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4 all versions,
2.7
LOW
CVE-2026-25691
>= 4.2.0 and < 4.4.9
A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 5.0.0 thro
6.7
MEDIUM
CVE-2025-61886
>= 5.0.0 and < 5.0.5
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fo
5.4
MEDIUM
CVE-2025-53608
>= 4.0.0 and < 4.4.8
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fo
4.8
MEDIUM
CVE-2025-52436
>= 4.0.0 and < 4.4.8
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fo
8.8
HIGH
CVE-2025-67685
>= 4.0.0 and < 5.0.5
A Server-Side Request Forgery (SSRF) vulnerability [CWE-918] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.4, FortiSand
3.8
LOW
CVE-2025-54353
>= 4.0.0 and <= 4.0.6
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fo
5.4
MEDIUM
CVE-2025-53949
>= 4.0.0 and <= 4.0.6
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] vulnerability
7.2
HIGH
CVE-2025-53679
>= 4.0.0 and < 4.4.8
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] vulnerability
7.2
HIGH
CVE-2025-46215
>= 4.0.0 and < 4.4.8
An Improper Isolation or Compartmentalization vulnerability [CWE-653] in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4
5.3
MEDIUM
CVE-2024-27779
>= 3.2.0 and < 4.2.7
An insufficient session expiration vulnerability [CWE-613] in FortiSandbox version 4.4.4 and below, version 4.2.6 and
6.7
MEDIUM
CVE-2021-26105
>= 3.1.0 and <= 3.1.4
A stack-based buffer overflow vulnerability (CWE-121) in the profile parser of FortiSandbox version 3.2.2 and below, version 3.1.4
6.8
MEDIUM
CVE-2024-54027
>= 3.0.5 and < 4.0.6
A Use of Hard-coded Cryptographic Key vulnerability [CWE-321] in FortiSandbox version 4.4.6 and below, version 4.2.7 and below, ve
8.2
HIGH
CVE-2024-54026
>= 3.0.0 and < 4.4.7
An improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiSandbox 4.4.0 through 4.4
4.3
MEDIUM
CVE-2024-54018
>= 3.2.0 and < 4.4.6
Multiple improper neutralization of special elements used in an OS Command vulnerabilities [CWE-78] in FortiSandbox before 4.4.5
7.2
HIGH
CVE-2024-52961
>= 3.0.0 and < 4.0.6
An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox
8.8
HIGH
CVE-2024-52960
>= 3.0.0 and < 4.2.8
A client-side enforcement of server-side security vulnerability [CWE-602] in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4
4.3
MEDIUM
CVE-2024-45328
>= 4.4.0 and < 4.4.7
An incorrect authorization vulnerability [CWE-863] in FortiSandbox 4.4.0 through 4.4.6 may allow a low priviledged administrator t
7.8
HIGH
CVE-2024-27781
>= 3.0.0 and < 4.0.5
An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 4.4
7.1
HIGH
CVE-2024-27778
>= 3.0.5 and < 4.0.5
An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox
8.8
HIGH
CVE-2024-31490
>= 3.2.2 and < 4.2.7
An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSan
4.3
MEDIUM
CVE-2024-31491
>= 4.2.0 and < 4.2.7
A client-side enforcement of server-side security vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 t
8.8
HIGH
CVE-2024-31487
>= 2.4.0 and < 4.2.7
A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 4.4.0 thro
5.9
MEDIUM
CVE-2024-23671
>= 4.0.0 and < 4.0.5
A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 4.4.0 thro
8.1
HIGH
CVE-2024-21756
>= 4.0.0 and < 4.0.5
A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbo
8.8
HIGH
CVE-2024-21755
>= 4.0.0 and < 4.0.5
A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbo
8.8
HIGH
CVE-2023-47541
>= 2.0.0 and < 4.2.7
An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 4.4.0 thr
6.7
MEDIUM
CVE-2023-47540
>= 3.0.5 and <= 3.0.7
An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandb
6.7
MEDIUM
CVE-2023-45587
>= 3.1.0 and <= 3.1.5
An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 4.4
3.5
LOW
CVE-2023-41844
>= 3.0.0 and <= 3.0.7
A improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 4.4.
3.5
LOW
CVE-2023-41843
>= 2.5.0 and <= 2.5.2
A improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 4.4.
7.5
HIGH
CVE-2023-41836
>= 3.0.4 and <= 3.0.7
An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 4.4
3.5
LOW
CVE-2023-41682
>= 2.4.0 and <= 2.4.1
A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 4.4.0, For
8.1
HIGH
CVE-2023-41681
>= 2.5.0 and <= 2.5.2
A improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 4.4.
7.5
HIGH
CVE-2023-41680
>= 2.5.0 and <= 2.5.2
A improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 4.4.
7.5
HIGH
CVE-2022-22305
>= 3.0.0 and <= 3.0.7
An improper certificate validation vulnerability [CWE-295] in FortiManager 7.0.1 and below, 6.4.6 and below; FortiAnalyzer 7.0.2
5.4
MEDIUM
CVE-2022-27487
>= 2.5.0 and < 3.2.4
A improper privilege management in Fortinet FortiSandbox version 4.2.0 through 4.2.2, 4.0.0 through 4.0.2 and before 3.2.3 and For
8.8
HIGH
CVE-2022-27485
>= 3.0.1 and <= 3.0.7
A improper neutralization of special elements used in an sql command ('sql injection') vulnerability [CWE-89] in Fortinet FortiSan
6.5
MEDIUM
CVE-2022-26115
all versions
A use of password hash with insufficient computational effort vulnerability [CWE-916] in FortiSandbox before 4.2.0 may allow an at
5.9
MEDIUM
CVE-2022-30305
>= 3.1.0 and <= 3.1.5
An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and For
3.7
LOW
CVE-2020-29013
<= 3.1.4
An improper input validation vulnerability in the sniffer interface of FortiSandbox before 3.2.2 may allow an authenticated attack
5.4
MEDIUM
CVE-2021-32591
>= 3.2.0 and <= 3.2.2
A missing cryptographic steps vulnerability in the function that encrypts users' LDAP and RADIUS credentials in FortiSandbox befor
5.3
MEDIUM
CVE-2020-29012
< 3.2.2
An insufficient session expiration vulnerability in FortiSandbox versions 3.2.1 and below may allow an attacker to reuse the unexp
5.6
MEDIUM
CVE-2020-15939
< 3.1.5
An improper access control vulnerability (CWE-284) in FortiSandbox versions 3.2.1 and below and 3.1.4 and below may allow an authe
4.3
MEDIUM
CVE-2021-24014
<= 3.1.4
Multiple instances of improper neutralization of input during web page generation vulnerabilities in FortiSandbox before 4.0.0 may
5.4
MEDIUM
CVE-2021-22124
>= 3.0.0 and < 3.0.7
An uncontrolled resource consumption (denial of service) vulnerability in the login modules of FortiSandbox 3.2.0 through 3.2.2, 3
7.5
HIGH
CVE-2021-26096
<= 3.1.4
Multiple instances of heap-based buffer overflow in the command shell of FortiSandbox before 4.0.0 may allow an authenticated atta
6.4
MEDIUM
CVE-2021-26097
< 3.0.7
An improper neutralization of special elements used in an OS Command vulnerability in FortiSandbox 3.2.0 through 3.2.2, 3.1.0 thro
8.8
HIGH
CVE-2020-29011
< 3.1.5
Instances of SQL Injection vulnerabilities in the checksum search and MTA-quarantine modules of FortiSandbox 3.2.0 through 3.2.2,
8.8
HIGH
CVE-2021-24010
>= 3.1.0 and < 3.1.5
Improper limitation of a pathname to a restricted directory vulnerabilities in FortiSandbox 3.2.0 through 3.2.2, and 3.1.0 through
8.1
HIGH
CVE-2021-26098
<= 3.1.4
An instance of small space of random values in the RPC API of FortiSandbox before 4.0.0 may allow an attacker in possession of a f
5.3
MEDIUM
CVE-2021-22125
< 3.2.2
An instance of improper neutralization of special elements in the sniffer module of FortiSandbox before 3.2.2 may allow an authent
6.3
MEDIUM
CVE-2020-29014
< 3.2.2
A concurrent execution using shared resource with improper synchronization ('race condition') in the command shell of FortiSandbox
6.3
MEDIUM
CVE-2018-1356
< 3.0.0
A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiSandbox before 3.0 may allow an attacker to execute unauthor
6.1
MEDIUM
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin