wid-sec-w-2026-0679  ·  Published 2026-03-10  ·  Source: BSI CERT-Bund

Fortinet FortiSandbox: Multiple Vulnerabilities

CVSS 7.2 HIGH

Risk Summary

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, and FortiSandbox 4.0 all versions may allow an authenticated privileged attacker to execute code via crafted requests.

Affected Vendors

Fortinet

Affected Products (8)

Fortinet · FortiSandbox <4.4.8
Fortinet · FortiSandbox 4.4.8
Fortinet · FortiSandbox <5.0.3
Fortinet · FortiSandbox 5.0.3
Fortinet · FortiSandbox Cloud <5.0.5
Fortinet · FortiSandbox Cloud 5.0.5
Fortinet · FortiSandbox PaaS <5.0.5
Fortinet · FortiSandbox PaaS 5.0.5
