CVE-2021-26105 MEDIUM

CVE-2021-26105

Vendor Fortinet
Product FortiSandbox
Weakness CWE-358
Published March 24, 2025
Last update March 31, 2025

CVSS base score

6.4/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:X/RC:X

What the vulnerability does

01Description

A stack-based buffer overflow vulnerability (CWE-121) in the profile parser of FortiSandbox version 3.2.2 and below, version 3.1.4 and below may allow an authenticated attacker to potentially execute unauthorized code or commands via specifically crafted HTTP requests.

Key dates

02Disclosure timeline

March 24, 2025 CVE published
March 31, 2025 Record updated