CVE-2026-59835 PUBLISHED

Assigner: fortinet
Reserved: 07.07.2026 Published: 14.07.2026 Updated: 14.07.2026

A exposure of resource to wrong sphere vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.3 through 4.4.8 may allow an unauthenticated attacker to access the VNC server of VMs performing scanning via network requests.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L/E:P/RL:O/RC:C
CVSS Score: 7.7

Product Status

Vendor Fortinet
Product FortiSandbox
Versions Default: unaffected
  • affected from 5.0.0 to 5.0.2 (incl.)
  • affected from 4.4.3 to 4.4.8 (incl.)

Solutions

Upgrade to FortiSandbox version 5.0.3 or above Upgrade to FortiSandbox version 4.4.9 or above

References

Problem Types

  • Information disclosure CWE