CVE-2026-26083
· CVE-2026-26083: A remote, unauthenticated attacker without any privileges or user interaction can exploit this critical vulnerability in the GUI of FortiSandbox to use HTTP requests to execute unauthorized code. This vulnerability stems from missing authorization. · CVE-2025-53844: A remote, authenticated attacker with low privileges and without user interaction can use custom crafted packets to exploit this high criticality vulnerability in the capwap daemon of the FortiOS to gain execution privileges on the Fortigate device and execute unauthorized code. This vulnerability stems from an out-of-bounds write. · CVE-2025-53870, CVE-2025-53680: An authenticated attacker in the local network, can use specially crafted cli commands to exploit one of these two medium criticality vulnerabilities in FortiAP and FortiAP-W2 to elevate their privileges and execute commands without authorization. These vulnerabilities stem from improper neutralization of special elements used in an os command. · CVE-2025-67604: A remote, authenticated attacker can use custom HTTP requests to exploit this medium criticality vulnerability in FortiManager API and FortiAnalyzer to make the sustem crash and cause Denial of Service. This can only occur if there is an alignment of internal locks, which is not controlable by the attacker. This vulnerability stems from the use of potentially Dangerous Function.
EPSS 0.06% · 20.3th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| FortiOS | FortiOS 7.6, 7.4, 7.2 | |
| FortiAnalyzer | FortiAnalyzer 7.6.0 - 7.6.4, 7.4.0 - 7.4.8, 7.2, | |
| FortiManager | FortiManager 7.6.0 - 7.6.4, 7.4.0 - 7.4.8, 7.2 | |
| FortiAP | FortiAP 7.6, 7.4, 7.2, 6.4 and FortiAP-W2 7.4, 7.2 | |
| FortiSandbox | FortiSandbox Cloud 24, 23, 5.0 | |
| FortiSandbox | FortiSandbox PaaS 23.4, 23.3, 23.1, 22.2, 22.1, 21.4, 21.3, 5.0, 4.4 | |
| FortiSandbox | FortiSandbox 5.0, 4.4 |
Timeline
- May 12, 2026 CVE Published
- May 13, 2026 PoC Published
- May 13, 2026 Security Advisory
- May 13, 2026 PoC Published
- May 15, 2026 Security Advisory
- May 18, 2026 EPSS Score
- May 19, 2026 EPSS Score
- May 20, 2026 EPSS Score
- May 21, 2026 EPSS Score
- May 22, 2026 EPSS Score
- May 23, 2026 EPSS Score
- May 24, 2026 EPSS Score
References
- https://ccb.belgium.be/advisories/warning-multiple-critical-high-and-medium-vulnerabilities-fortinet-fortisandbox-fortios advisory
- https://www.fortiguard.com/psirt/FG-IR-26-136 vendor
- https://www.fortiguard.com/psirt/FG-IR-26-123 vendor
- https://www.fortiguard.com/psirt/FG-IR-26-133 vendor
- https://www.fortiguard.com/psirt/FG-IR-26-131 vendor
- https://www.fortiguard.com/psirt/FG-IR-26-137 vendor
- https://nvd.nist.gov/vuln/detail/CVE-2026-26083 technical
- https://nvd.nist.gov/vuln/detail/CVE-2025-53844 technical
- https://nvd.nist.gov/vuln/detail/CVE-2025-53870 technical
- https://nvd.nist.gov/vuln/detail/CVE-2025-53680 technical
- https://nvd.nist.gov/vuln/detail/CVE-2025-67604 technical