VDB

CVE-2026-26083

CVE-2026-26083 PUBLISHED CVSS 9.800000190734863 CRITICAL

· CVE-2026-26083: A remote, unauthenticated attacker without any privileges or user interaction can exploit this critical vulnerability in the GUI of FortiSandbox to use HTTP requests to execute unauthorized code. This vulnerability stems from missing authorization. · CVE-2025-53844: A remote, authenticated attacker with low privileges and without user interaction can use custom crafted packets to exploit this high criticality vulnerability in the capwap daemon of the FortiOS to gain execution privileges on the Fortigate device and execute unauthorized code. This vulnerability stems from an out-of-bounds write. · CVE-2025-53870, CVE-2025-53680: An authenticated attacker in the local network, can use specially crafted cli commands to exploit one of these two medium criticality vulnerabilities in FortiAP and FortiAP-W2 to elevate their privileges and execute commands without authorization. These vulnerabilities stem from improper neutralization of special elements used in an os command. · CVE-2025-67604: A remote, authenticated attacker can use custom HTTP requests to exploit this medium criticality vulnerability in FortiManager API and FortiAnalyzer to make the sustem crash and cause Denial of Service. This can only occur if there is an alignment of internal locks, which is not controlable by the attacker. This vulnerability stems from the use of potentially Dangerous Function.

EPSS 0.06% · 20.3th percentile

Risk Scores

CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.06%
20.3th percentile

Affected Products

VendorProductVersions
FortiOSFortiOS 7.6, 7.4, 7.2
FortiAnalyzerFortiAnalyzer 7.6.0 - 7.6.4, 7.4.0 - 7.4.8, 7.2,
FortiManagerFortiManager 7.6.0 - 7.6.4, 7.4.0 - 7.4.8, 7.2
FortiAPFortiAP 7.6, 7.4, 7.2, 6.4 and FortiAP-W2 7.4, 7.2
FortiSandboxFortiSandbox Cloud 24, 23, 5.0
FortiSandboxFortiSandbox PaaS 23.4, 23.3, 23.1, 22.2, 22.1, 21.4, 21.3, 5.0, 4.4
FortiSandboxFortiSandbox 5.0, 4.4

Timeline

  • May 12, 2026 CVE Published
  • May 13, 2026 PoC Published
  • May 13, 2026 Security Advisory
  • May 13, 2026 PoC Published
  • May 15, 2026 Security Advisory
  • May 18, 2026 EPSS Score
  • May 19, 2026 EPSS Score
  • May 20, 2026 EPSS Score
  • May 21, 2026 EPSS Score
  • May 22, 2026 EPSS Score
  • May 23, 2026 EPSS Score
  • May 24, 2026 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›