Threat Advisory

Fortinet FortiSandbox VNC Servers Exposed to Unauthorized Access

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: High
[subscribe_to_unlock_form]

EXECUTIVE SUMMARY:

Multiple security vulnerabilities affecting FortiSandbox versions and Fixes** have been identified in FortiSandbox, a product used for malware scanning. Affected version ranges include 5.0.0 through 5.0.2 and 4.4.3 through 4.4.8. The overall risk/impact is high due to the potential for information disclosure and undermining of malware analysis integrity.

CVE-2026-59835 (CVSS 7.7 — High Severity): An attacker can send crafted network requests and reach the VNC server tied to scanning VMs without needing any credentials, opening the door to information disclosure. This is a network-based attack requiring low complexity and no user interaction.[/subscribe_to_unlock_form]

EXECUTIVE SUMMARY:

Multiple security vulnerabilities affecting FortiSandbox versions and Fixes** have been identified in FortiSandbox, a product used for malware scanning. Affected version ranges include 5.0.0 through 5.0.2 and 4.4.3 through 4.4.8. The overall risk/impact is high due to the potential for information disclosure and undermining of malware analysis integrity.

CVE-2026-59835 (CVSS 7.7 — High Severity): An attacker can send crafted network requests and reach the VNC server tied to scanning VMs without needing any credentials, opening the door to information disclosure. This is a network-based attack requiring low complexity and no user interaction.[emaillocker id="1283"]

CVE-2026-25089 (CVSS 9.1 — Critical Severity): A critical OS command injection flaw allows unauthenticated remote attackers to compromise the platform. These vulnerabilities collectively present a significant risk to organizations running on-premises appliances of affected hardware models, FSA-500G and FSA-1500G. Administrators should prioritize patching these systems to prevent unauthorized access. These vulnerabilities collectively present a significant risk to organizations running on-premises appliances of affected hardware models, FSA-500G and FSA-1500G.

These vulnerabilities collectively present a significant risk to organizations running on-premises appliances of affected hardware models, FSA-500G and FSA-1500G.

RECOMMENDATION:

We recommend you to upgrade FortiSandbox to version 5.0.3 or above or 4.4.9 or above.

REFERENCES:

The following reports contain further technical details:

[/emaillocker]
crossmenu