CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-26083

unknowncovered by 1 sourcefirst seen 2026-05-12
CVSSv3 Score: 9.1 A missing authorization vulnerability [CWE-862] in FortiSandbox, FortiSandbox Cloud and FortiSandbox PaaS WEB UI may allow an unauthenticated attacker to execute unauthorized code or commands via HTTP requests. Revised on 2026-05-12 00:00:00

CSIRTS triage

What
A missing authorization vulnerability allows unauthenticated attackers to execute unauthorized commands.
Who is affected
Unauthenticated users accessing the FortiSandbox WEB UI.
Urgency
Remediation is critical due to the high severity of the vulnerability.
Action
Implement security measures to restrict access until a patch is available.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch CVE-2026-26083

Get an email if CVE-2026-26083 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2026-26083

CVE.org record

Embed the live status

CVE-2026-26083 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-26083 status](https://www.csirts.com/badge/CVE-2026-26083)](https://www.csirts.com/cve/CVE-2026-26083)