Description
An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4, and FortiSandbox PaaS 5.0.4 may allow a privileged attacker with a super-admin profile and CLI access to delete an arbitrary directory via crafted HTTP requests.
Published: 2026-04-14
Score: 6.2 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Data deletion and service disruption by privileged user
Action: Patch
AI Analysis

Impact

An improper limitation of a pathname to a restricted directory allows an attacker with super‑admin privileges and CLI access to delete any directory through crafted HTTP requests. The flaw can lead to loss of sandbox data and disruption of security monitoring activities. The weakness is a classic path traversal (CWE‑22).

Affected Systems

Fortinet FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS are affected. Vulnerable versions include FortiSandbox 5.0.0–5.0.5, 4.4.0–4.4.8, and all 4.2.x releases; FortiSandbox Cloud 5.0.4; FortiSandbox PaaS 5.0.4.

Risk and Exploitability

The CVSS score is 6.2, indicating medium severity. Exploitation requires super‑admin credentials and CLI access, which limits the attack surface to internal or privileged users. While EPSS data is not available and the vulnerability is not listed in KEV, the potential to delete critical directories makes it a significant risk for affected installations.

Generated by OpenCVE AI on April 14, 2026 at 17:41 UTC.

Remediation

Vendor Solution

Fortinet remediated this issue in FortiSandbox Cloud version 5.0.5, so FortiSandbox Cloud customers do not need to perform any action. For the other products:

  • Upgrade to upcoming FortiSandbox version 5.2.0 or above
  • Upgrade to FortiSandbox version 5.0.6 or above
  • Upgrade to FortiSandbox version 4.4.9 or above
  • Upgrade to FortiSandbox PaaS version 5.0.5 or above


OpenCVE Recommended Actions

  • If running FortiSandbox Cloud, ensure you are on version 5.0.5 or newer—no action required thereafter.
  • If using FortiSandbox Cloud 5.0.4 or older, upgrade to 5.0.5 or newer immediately.
  • If using FortiSandbox 5.0.x, upgrade to version 5.0.6 or newer.
  • If using FortiSandbox 4.4.x, upgrade to version 4.4.9 or newer.
  • If using FortiSandbox 4.2.x, upgrade to version 5.2.0 or newer.
  • If using FortiSandbox PaaS 5.0.4, upgrade to 5.0.5 or newer.

Advisories

No advisories yet.

History

Wed, 15 Apr 2026 21:15:00 +0000

Type: First Time appeared
Values Added: Fortinet fortisandbox Paas

Type: Vendors & Products
Values Added: Fortinet fortisandbox Paas

Wed, 15 Apr 2026 15:45:00 +0000

Type: Title
Values Added: Path Traversal Enables Deletion of Arbitrary Directories in FortiSandbox

Tue, 14 Apr 2026 17:15:00 +0000

Type: Metrics
Values Added: ssvc
{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 14 Apr 2026 16:00:00 +0000

Type: Description
Values Added: A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4, FortiSandbox PaaS 5.0.4 may allow a privileged attacker with super-admin profile and CLI access to delete an arbitrary directory via HTTP crafted requests.

Type: First Time appeared
Values Added:
Fortinet
Fortinet fortisandbox
Fortinet fortisandboxcloud
Fortinet fortisandboxpaas

Type: Weaknesses
Values Added: CWE-22
CPEs
Type: Vendors & Products
Values Added:
Fortinet
Fortinet fortisandbox
Fortinet fortisandboxcloud
Fortinet fortisandboxpaas

Type: References

Type: Metrics
Values Added: cvssV3_1
{'score': 6.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H/E:F/RL:O/RC:C'}

MITRE

Status: PUBLISHED

Assigner: fortinet

Published:

Updated: 2026-04-14T16:46:16.085Z

Reserved: 2026-02-05T08:56:55.794Z

Link: CVE-2026-25691

Vulnrichment

Updated: 2026-04-14T16:37:20.807Z

NVD

Status: Received

Published: 2026-04-14T16:16:37.623

Modified: 2026-04-14T16:16:37.623

Link: CVE-2026-25691

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-15T21:02:58Z

Weaknesses