Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
FortiSandbox Vulnerability Exposes VNC Servers

FortiSandbox Vulnerability Exposes VNC Servers

Posted on July 14, 2026 By CWS

Fortinet has announced a significant security vulnerability within its FortiSandbox product that could permit unauthorized access to the virtual machine VNC servers used in malware scanning processes. Identified as CVE-2026-59835, this vulnerability is rated with a CVSSv3 score of 7.7, indicating its high severity.

Details of the Vulnerability

The flaw is categorized under CWE-668 as an Exposure of Resource to Wrong Sphere. It enables attackers to craft specific network requests that grant access to the VNC server linked with scanning virtual machines, bypassing any credential requirements. This presents a risk of information exposure due to the low complexity required for executing the attack and the absence of user interaction.

FortiSandbox’s design, which utilizes isolated virtual machines for the purpose of safely detonating and analyzing suspicious files, is compromised by this vulnerability. Unauthorized access to these VNC servers could allow attackers to observe or manipulate the sandboxed environments, jeopardizing the integrity of malware analysis efforts and potentially exposing sensitive data.

Versions Affected and Mitigation Measures

Specific versions of FortiSandbox are impacted. FortiSandbox version 5.0, specifically builds 5.0.0 through 5.0.2, requires an upgrade to version 5.0.3 or later. Similarly, version 4.4 builds 4.4.3 through 4.4.8 should be updated to 4.4.9 or above. It is important to note that FortiSandbox PaaS deployments remain unaffected, so no action is necessary for those users.

However, organizations using the on-premises hardware models FSA-500G and FSA-1500G are urged to apply patches promptly to mitigate potential risks. Fortinet has recognized the INPS security team for their role in discovering and responsibly disclosing this vulnerability in accordance with the company’s coordinated disclosure protocol.

Recent Security Concerns with FortiSandbox

This vulnerability disclosure is part of a series of security issues Fortinet has tackled within the FortiSandbox platform this year. Previous vulnerabilities include a critical OS command injection flaw (CVE-2026-25089) with a CVSS score of 9.1, and a missing authorization issue in the Web UI, both of which also allowed remote, unauthenticated attackers to compromise the system.

As of the advisory FG-IR-26-145 published on July 14, 2026, there have been no reports of this latest vulnerability being exploited in live environments. Organizations are advised to stay vigilant and ensure their systems are updated to protect against these threats.

To enhance your security operations center (SOC) capabilities, consider integrating advanced tools like ANY.RUN for accelerated threat detection and rapid investigations.

Cyber Security News Tags:CVE-2026-59835, Cybersecurity, Fortinet, FortiSandbox, information disclosure, malware analysis, network security, security patch, VNC servers, vulnerability management

Post navigation

Previous Post: Hackers Use Fake OAuth IDs to Target Entra ID Users

Related Posts

Evilmouse: A  Device Breaches System Security Evilmouse: A $44 Device Breaches System Security Cyber Security News
AI Crawlers Reshape The Internet With Over 30% of Global Web Traffic AI Crawlers Reshape The Internet With Over 30% of Global Web Traffic Cyber Security News
New Stealth Malware Campaign Targets Key Sectors New Stealth Malware Campaign Targets Key Sectors Cyber Security News
Microsoft 365 Outage Blocks Access to Teams, Exchange Online, and Admin Center Microsoft 365 Outage Blocks Access to Teams, Exchange Online, and Admin Center Cyber Security News
Microsoft Defender XDR New Advanced Hunting Tables for Email and Cloud Protections Microsoft Defender XDR New Advanced Hunting Tables for Email and Cloud Protections Cyber Security News
WhatsApp 0-Click Vulnerability Exploited Using Malicious DNG File WhatsApp 0-Click Vulnerability Exploited Using Malicious DNG File Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • FortiSandbox Vulnerability Exposes VNC Servers
  • Hackers Use Fake OAuth IDs to Target Entra ID Users
  • Microsoft Addresses Record 622 Vulnerabilities, Including Two Critical Zero-Days
  • Tego AI Exposes Potential Risks in Claude Tag Integration
  • Security Flaw in Claude for Chrome Allows Unauthorized Access

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • FortiSandbox Vulnerability Exposes VNC Servers
  • Hackers Use Fake OAuth IDs to Target Entra ID Users
  • Microsoft Addresses Record 622 Vulnerabilities, Including Two Critical Zero-Days
  • Tego AI Exposes Potential Risks in Claude Tag Integration
  • Security Flaw in Claude for Chrome Allows Unauthorized Access

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark