A exposure of resource to wrong sphere vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.3 through 4.4.8 may allow an unauthenticated attacker to access the VNC server of VMs performing scanning via network requests.
Metrics
Affected Vendors & Products
References
| Link | Providers |
|---|---|
| https://fortiguard.fortinet.com/psirt/FG-IR-26-145 |
|
History
Thu, 16 Jul 2026 07:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Unauthenticated VNC Server Access via Resource Exposure in FortiSandbox |
Tue, 14 Jul 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Tue, 14 Jul 2026 15:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A exposure of resource to wrong sphere vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.3 through 4.4.8 may allow an unauthenticated attacker to access the VNC server of VMs performing scanning via network requests. | |
| First Time appeared |
Fortinet
Fortinet fortisandbox |
|
| Weaknesses | CWE-668 | |
| CPEs | cpe:2.3:a:fortinet:fortisandbox:4.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:5.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:5.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:5.0.2:*:*:*:*:*:*:* |
|
| Vendors & Products |
Fortinet
Fortinet fortisandbox |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: fortinet
Published: 2026-07-14T15:12:20.855Z
Updated: 2026-07-16T07:35:10.603Z
Reserved: 2026-07-07T15:21:25.057Z
Link: CVE-2026-59835
Updated: 2026-07-14T15:55:20.974Z
No data.
No data.