What is CVE-2024-54026?

CVE-2024-54026 is a medium-severity vulnerability in Fortinet Fortisandbox, classified under SQL Injection. CVSS score: 4.1/10. Published 2025-03-11.

How severe is CVE-2024-54026?

Medium severity. CVSS v3 base score is 4.1 out of 10.

SQL Injection in Fortinet Fortisandbox

CVE-2024-54026

An improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiSandbox 4.4.0 through 4.4.6, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions, FortiSandbox 3.2 all versions, FortiSandbox…

Vulnerability class: SQL Injection

EPSS: 0.003 (55.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.1 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:C.

Affected products

Fortinet Fortisandbox — versions 4.4.0, 4.2.1, 4.0.0
Fortinet Fortisandbox Cloud — versions 24.1

Weakness classification (CWE)

CWE-89 — SQL Injection

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-353

Frequently asked questions

What is CVE-2024-54026?: CVE-2024-54026 is a medium-severity vulnerability in Fortinet Fortisandbox, classified under SQL Injection. CVSS score: 4.1/10. Published 2025-03-11.
How severe is CVE-2024-54026?: Medium severity. CVSS v3 base score is 4.1 out of 10.