Description

A Server-Side Request Forgery (SSRF) vulnerability [CWE-918] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.4, FortiSandbox 4.4 all versions, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated attacker to proxy internal requests limited to plaintext endpoints only via crafted HTTP requests.

Related CPE's

a

fortinet

fortisandbox

Vulnerable

References

https://fortiguard.fortinet.com/psirt/FG-IR-25-783

Vendor Advisory

Weaknesses

[email protected]

Primary
CWE-918

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

3.8 · Low

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2026-01-13T17:15:58.873Z

34 hours ago

Last modified

2026-01-14T21:38:01.700Z

6 hours ago