CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

Incorrect global authorization

unknownCVE-2026-26083
CVSSv3 Score: 9.1 A missing authorization vulnerability [CWE-862] in FortiSandbox, FortiSandbox Cloud and FortiSandbox PaaS WEB UI may allow an unauthenticated attacker to execute unauthorized code or commands via HTTP requests. Revised on 2026-05-12 00:00:00

CSIRTS triage

What
A missing authorization vulnerability allows unauthenticated attackers to execute unauthorized commands.
Who is affected
Unauthenticated users accessing the FortiSandbox WEB UI.
Urgency
Remediation is critical due to the high severity of the vulnerability.
Action
Implement security measures to restrict access until a patch is available.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch FortiSandbox

Get an email when a new FortiSandbox advisory drops — max one per day, one-click unsubscribe.

Details

Source
Fortinet FortiGuard PSIRT (INTL · vendor-psirt · site)
Severity
unknown
Published
2026-05-12
Exploitation
Not in CISA KEV at last sync

Original advisory: https://fortiguard.fortinet.com/psirt/FG-IR-26-136

Exploitation outlook

EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.

Referenced CVEs

CVECSIRTS overviewExternal
CVE-2026-26083coverage & exploitation statusNVD · CVE.org

Recent advisories for Incorrect global authorization

A cluster of recent advisories against the same product widens the attack surface — attackers routinely chain freshly published CVEs on one product, so review these together.

More from Fortinet FortiGuard PSIRT