CVE-2026-59835
HIGH
7.7
CVSS 3.1
Description
A exposure of resource to wrong sphere vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.3 through 4.4.8 may allow an unauthenticated attacker to access the VNC server of VMs performing scanning via network requests.
Metadata
Severity & Metrics
7.7
HIGH CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L/E:P/RL:O/RC:C
SSVC — CISA Coordinator
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| Fortinet | FortiSandbox | — | 5.0.0 ≤ 5.0.2, 4.4.3 ≤ 4.4.8 |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-668 | cna | Information disclosure |
CVSS scores (1)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 7.7 | HIGH | 3.1 | cna | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L/E:P/RL:O/RC:C |
References (1)
- https://fortiguard.fortinet.com/psirt/FG-IR-26-145 https://fortiguard.fortinet.com/psirt/FG-IR-26-145