Exposure of Resource to Wrong Sphere in FortiSandbox - CVE-2026-59835
Published: July 14, 2026
Vulnerability identifier: #VU137522
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2026-59835
CWE-ID: CWE-668
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Fortinet, Inc
Affected software:
FortiSandbox
FortiSandbox
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to read, manipulate or delete data.
The vulnerability exists due to exposure of resource to wrong sphere on all interfaces. An unauthenticated attacker can access the VNC server of VMs performing scanning via network requests.
How to mitigate CVE-2026-59835
Install update from vendor's website.