Multiple security vulnerabilities affecting FortiSandbox versions and Fixes** have been identified in FortiSandbox, a product used for malware scanning. Affected version ranges include 5.0.0 through 5.0.2 and 4.4.3 through 4.4.8. The overall risk/impact is high due to the potential for information disclosure and undermining of malware analysis integrity.
CVE-2026-59835 (CVSS 7.7 — High Severity): An attacker can send crafted network requests and reach the VNC server tied to scanning VMs without needing any credentials, opening the door to information disclosure. This is a network-based attack requiring low complexity and no user interaction.[/subscribe_to_unlock_form]
Multiple security vulnerabilities affecting FortiSandbox versions and Fixes** have been identified in FortiSandbox, a product used for malware scanning. Affected version ranges include 5.0.0 through 5.0.2 and 4.4.3 through 4.4.8. The overall risk/impact is high due to the potential for information disclosure and undermining of malware analysis integrity.
CVE-2026-59835 (CVSS 7.7 — High Severity): An attacker can send crafted network requests and reach the VNC server tied to scanning VMs without needing any credentials, opening the door to information disclosure. This is a network-based attack requiring low complexity and no user interaction.[emaillocker id="1283"]
CVE-2026-25089 (CVSS 9.1 — Critical Severity): A critical OS command injection flaw allows unauthenticated remote attackers to compromise the platform. These vulnerabilities collectively present a significant risk to organizations running on-premises appliances of affected hardware models, FSA-500G and FSA-1500G. Administrators should prioritize patching these systems to prevent unauthorized access. These vulnerabilities collectively present a significant risk to organizations running on-premises appliances of affected hardware models, FSA-500G and FSA-1500G.
These vulnerabilities collectively present a significant risk to organizations running on-premises appliances of affected hardware models, FSA-500G and FSA-1500G.
We recommend you to upgrade FortiSandbox to version 5.0.3 or above or 4.4.9 or above.
The following reports contain further technical details:
[/emaillocker]