Critical Fortinet FortiSandbox Vulnerability Exposes Networks to Remote Code Execution

Severity: High (Score: 78.0)

Sources: Bleepingcomputer, fortiguard.fortinet.com, Cybersecuritynews

Summary

On May 12, 2026, Fortinet disclosed a critical vulnerability (CVE-2026-26083) in its FortiSandbox platform, allowing unauthenticated attackers to execute arbitrary code remotely. This flaw affects FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS, posing a significant risk to enterprise networks. The vulnerability has been assigned a CVSSv3 score of 9.1, indicating its severity. In addition to FortiSandbox, Fortinet released advisories for four other vulnerabilities across its products, including FortiAP and FortiOS. Organizations using these systems are urged to apply patches immediately to mitigate risks. The advisory highlights the potential for widespread exploitation if not addressed promptly. Fortinet's response includes detailed guidance for remediation. Security professionals should prioritize this issue to protect their networks from potential attacks. Key Points: • CVE-2026-26083 allows unauthenticated remote code execution in FortiSandbox. • Fortinet assigned a CVSSv3 score of 9.1 to this critical vulnerability. • Immediate patching is recommended for affected Fortinet products to mitigate risks.

Key Entities

• Zero-day Exploit (attack_type)
• Fortinet (company)
• CVE-2026-21643 (cve)
• CVE-2026-26083 (cve)
• CVE-2026-35616 (cve)
• CVE-2026-44277 (cve)
• CWE-287 - Improper Authentication (cwe)
• CWE-862 - Missing Authorization (cwe)
• T1190 - Exploit Public-Facing Application (mitre_attack)
• FortiAP (platform)
• FortiAuthenticator (platform)
• FortiAuthenticator Cloud (platform)
• FortiOS (platform)
• FortiSandbox (platform)