CVE-2026-27316

Published Apr 14, 2026

Last updated 8 days ago

CVSS low 2.7

Overview

Description: A insufficiently protected credentials vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4 all versions, FortiSandbox PaaS 5.0.1 through 5.0.5 may allow an authenticathed administrator to read LDAP server credentials via client-side inspection.
Source: psirt@fortinet.com
NVD status: Analyzed
Products: fortisandbox, fortisandbox_cloud

Risk scores

CVSS 3.1

Type: Secondary
Base score: 2.7
Impact score: 1.4
Exploitability score: 1.2
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Severity: LOW

Weaknesses

psirt@fortinet.com: CWE-522

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "69DCB6D2-21D3-4EE8-9A81-5DA8292EFB28",
            "versionEndExcluding": "5.0.6",
            "versionStartIncluding": "4.4.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortisandbox_cloud:5.0.4:*:*:*:*:*:*:*",
            "matchCriteriaId": "E5E86B19-95E8-4107-85DC-EFE47225418C",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortisandbox_cloud:5.0.5:*:*:*:*:*:*:*",
            "matchCriteriaId": "FDAB696D-20A1-4C1A-8DD6-FDECD560AC9C",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References