SB2026071489 - Exposure of Resource to Wrong Sphere in FortiSandbox



SB2026071489 - Exposure of Resource to Wrong Sphere in FortiSandbox

Published: July 14, 2026

Security Bulletin ID SB2026071489
CSH Severity
High
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

High 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Exposure of Resource to Wrong Sphere (CVE-ID: CVE-2026-59835)

CWE-ID: CWE-668 - Exposure of resource to wrong sphere

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote non-authenticated attacker to read, manipulate or delete data.

The vulnerability exists due to exposure of resource to wrong sphere on all interfaces. An unauthenticated attacker can access the VNC server of VMs performing scanning via network requests.


Remediation

Install update from vendor's website.