Insufficiently protected credentials in FortiSandbox - CVE-2026-27316

 


Published: April 14, 2026


Vulnerability identifier: #VU125998
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-27316
CWE-ID: CWE-522
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Fortinet, Inc
Affected software:
FortiSandbox

Detailed vulnerability description

The vulnerability allows a remote privileged user to gain access to sensitive information.

The vulnerability exists due to insufficiently protected credentials in the LDAP configuration web page. An authenticated administrator can read the LDAP server credentials via client-side inspection.


How to mitigate CVE-2026-27316

Install the update from the vendor's website.
