FORTINET Security Advisory
Published Date: May 12, 2026
Advisory Summary
❗️ Critical Authorization Vulnerability in FortiSandbox Ecosystem
Fortinet has disclosed a severe security flaw (CVE-862) impacting FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS Web UI. The vulnerability stems from missing authorization checks, which could allow unauthenticated attackers to execute unauthorized commands or code through crafted HTTP requests. With a high CVSSv3 score of 9.1, this issue represents a critical risk to environments using these FortiSandbox products, potentially leading to compromise of data and system integrity.
Organizations leveraging FortiSandbox solutions should prioritize assessing their exposure and deploying any patches or mitigations provided by Fortinet immediately to safeguard their infrastructure against unauthorized access.
- Affects FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS Web UI
- Missing authorization (CWE-862) can result in unauthorized code execution
- High severity with CVSSv3 score of 9.1
- Requires urgent patch application to prevent exploitation
Reference: Vendor Advisory