[Security Vulnerability Alert] Fortinet's FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS have a critical cybersecurity vulnerability (CVE-2026-26083).

 
2026/5/15 ~ 2026/11/15

Forwarded from Taiwan Computer Network Crisis Management and Coordination Center: Cybersecurity Alert TWCERTCC-200-202605-00000009

[Content Description]
A missing authorization vulnerability (CVE-2026-26083, CVSS: 9.8) exists in the web interfaces of Fortinet's FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS. This vulnerability could allow unauthenticated attackers to execute unauthorized code or commands via HTTP requests.

[Affected Platforms]
FortiSandbox versions 5.0.0 to 5.0.1, FortiSandbox versions 4.4.0 to 4.4.8, all versions of FortiSandbox Cloud 24, all versions of FortiSandbox Cloud 23, FortiSandbox Cloud versions 5.0.2 to 5.0.5, all versions of FortiSandbox PaaS 23.4, all versions of FortiSandbox PaaS 23.3, all versions of FortiSandbox PaaS 23.1, all versions of FortiSandbox PaaS 22.2, all versions of FortiSandbox PaaS 22.1, all versions of FortiSandbox PaaS 21.4, all versions of FortiSandbox PaaS 21.3, FortiSandbox PaaS versions 5.0.0 to 5.0.1, FortiSandbox PaaS versions 4.45 to 4.4.8

[Recommended Action]
Please update to one of the following versions: FortiSandbox 5.0.2 or later, FortiSandbox 4.4.9 or later, FortiSandbox Cloud 5.0.6 or later, FortiSandbox PaaS 5.0.2 or later, FortiSandbox PaaS 4.4.9 or later.
