SB20260414122 - Insufficiently protected credentials in FortiSandbox

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB20260414122

SB20260414122 - Insufficiently protected credentials in FortiSandbox

Published: April 14, 2026

Security Bulletin ID SB20260414122
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Information disclosure

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Insufficiently protected credentials (CVE-ID: CVE-2026-27316)

CWE-ID: CWE-522 - Insufficiently Protected Credentials

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote privileged user to gain access to sensitive information.

The vulnerability exists due to insufficiently protected credentials in LDAP configuration web page. An authenticated administrator can read LDAP server credentials via client-side inspection.


Remediation

Install update from vendor's website.

References