A critical vulnerability has been identified in Fortinet's FortiSandbox platform, posing a severe risk to enterprise networks. This flaw, designated as CVE-2026-26083, allows attackers to execute arbitrary code or commands remotely without needing any credentials. Fortinet disclosed this issue on May 12, 2026, rating it with a CVSSv3 score of 9.1, which indicates its critical severity. The problem originates from a missing authorization check in the FortiSandbox Web UI, affecting its on-premises, cloud, and Platform-as-a-Service variants. Because of this missing check, remote attackers can send crafted HTTP requests to execute unauthorized actions on the system. The lack of authentication requirements combined with the absence of user interaction makes this vulnerability particularly dangerous. The impact extends to the confidentiality, integrity, and availability of the system. FortiSandbox is extensively used in enterprise settings for malware analysis and threat detection. Thus, any compromise could severely disrupt an organization's threat detection capabilities. Fortinet discovered and reported the vulnerability internally, thanks to researcher Adham El Karn from their Product Security team. Although there have been no reports of this vulnerability being exploited in the wild so far, its critical nature makes it highly susceptible to future attacks. Security teams are urged to apply the necessary patches immediately. Organizations using outdated versions of FortiSandbox PaaS that cannot be directly upgraded should prioritize migrating to a supported release as soon as possible.