Main Vulnerability Database Vulnerabilities #VU125998

#VU125998 Insufficiently protected credentials in FortiSandbox - CVE-2026-27316

Published: April 14, 2026

Vulnerability identifier: #VU125998

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2026-27316

CWE-ID: CWE-522

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
FortiSandbox

Software vendor:
Fortinet, Inc

Description

The vulnerability allows a remote privileged user to gain access to sensitive information.

The vulnerability exists due to insufficiently protected credentials in LDAP configuration web page. An authenticated administrator can read LDAP server credentials via client-side inspection.

Remediation

Install update from vendor's website.

External links

https://www.fortiguard.com/psirt/FG-IR-26-113

#VU125998 Insufficiently protected credentials in FortiSandbox - CVE-2026-27316

Description

Remediation

External links

Please verify you're human