CVE

CVE-2026-26083

0field notes · 1digest CVSS 9.8

Daily digests

An unauthenticated attacker can execute arbitrary code on FortiSandbox by sending crafted HTTP requests. No credentials, no user interaction, just a network path to the management interface. This is a CVSS 9.8 and affects both on-prem FortiSandbox appliances and FortiSandbox Cloud/PaaS across a wide range of versions.

Patch Tuesday · May 13, 2026
Patch Tuesday May 2026: DNS + Netlogon at 9.8, 19 more

CVE-2026-26083

Patch Tuesday May 2026: DNS + Netlogon at 9.8, 19 more