First published: Mon Mar 24 2025
A stack-based buffer overflow vulnerability (CWE-121) in the profile parser of FortiSandbox version 3.2.2 and below, version 3.1.4 and below may allow an authenticated attacker to potentially execute unauthorized code or commands via specifically crafted HTTP requests.
Affected Software | Affected Version | How to fix |
---|---|---|
Fortinet FortiSandbox Firmware | <=3.2.2 | |
Fortinet FortiSandbox Firmware | <=3.1.4 | |
Upgrade to FortiSandbox 4.0.1 or above. Upgrade to FortiSandbox 3.2.3 or above.
CVE-2021-26105 is classified as a critical vulnerability due to the potential for unauthorized code execution.
To fix CVE-2021-26105, upgrade FortiSandbox to version 3.2.3 or later, or version 3.1.5 or later.
Any user running FortiSandbox version 3.2.2 or lower, or version 3.1.4 or lower is affected by CVE-2021-26105.
An attacker can execute arbitrary code or commands through specially crafted HTTP requests due to CVE-2021-26105.
Yes, an attacker must be authenticated to exploit CVE-2021-26105.