VYPR
Critical severity9.8NVD Advisory· Published May 12, 2026· Updated May 15, 2026

CVE-2026-26083

CVE-2026-26083

Description

A missing authorization vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox Cloud 5.0.2 through 5.0.5, FortiSandbox PaaS 23.4 all versions, FortiSandbox PaaS 23.3 all versions, FortiSandbox PaaS 23.1 all versions, FortiSandbox PaaS 22.2 all versions, FortiSandbox PaaS 22.1 all versions, FortiSandbox PaaS 21.4 all versions, FortiSandbox PaaS 21.3 all versions, FortiSandbox PaaS 5.0.0 through 5.0.1, FortiSandbox PaaS 4.4.5 through 4.4.8 may allow an unauthenticated attacker to execute unauthorized code or commands via HTTP requests.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Fortinet/Fortisandboxllm-fuzzy2 versions
    >=4.4.0, <=5.0.1 and others+ 1 more
    • (no CPE)range: >=4.4.0, <=5.0.1 and others
    • (no CPE)range: >=5.0.2, <=5.0.5

Patches

Vulnerability mechanics

References

1

News mentions

5