Unauthenticated VNC access exposed on all interfaces
Summary
CVSSv3 Score: 7.7 An Exposure of Resource to Wrong Sphere vulnerability [CWE-668] in FortiSanbox may allow an unauthenticated attacker to access the VNC server of VMs performing scanning via network requests. Revised on 2026-07-14 00:00:00
- FortiSandbox 5.0: 5.0.0 through 5.0.2
- FortiSandbox 4.4: 4.4.3 through 4.4.8
Official advisory · high-confidence parse· fetched 2 hours ago·verify at source
- FortiSandbox 5.0: 5.0.3
- FortiSandbox 4.4: 4.4.9
Official advisory · high-confidence parse· fetched 2 hours ago·verify at source
Mitigation checklist
- Upgrade per the Affected/Solution table: FortiSandbox 5.0: 5.0.3; FortiSandbox 4.4: 4.4.9.
Official advisory · high-confidence parse· fetched 2 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.