Credential disclosure in LDAP configuration web page.

Credential disclosure in LDAP configuration web page. Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-26-113 Final 1 1 2026-04-14T00:00:00 Current version 2026-04-14T00:00:00 2026-04-14T00:00:00 An Insufficiently protected credentials vulnerability [CWE-522] in FortiSanbox and FortiSanbox PaaS GUI may allow an authenticated administrator to read LDAP server credentials via client-side inspection. None Information disclosure None Fortinet is pleased to thank Juampa Rodriguez from Red Electrica for reporting this vulnerability under responsible disclosure. FortiSandbox 5.0.5 FortiSandbox 5.0.4 FortiSandbox 5.0.3 FortiSandbox 5.0.2 FortiSandbox 5.0.1 FortiSandbox 5.0.0 FortiSandbox 4.4.9 FortiSandbox 4.4.8 FortiSandbox 4.4.7 FortiSandbox 4.4.6 FortiSandbox 4.4.5 FortiSandbox 4.4.4 FortiSandbox 4.4.3 FortiSandbox 4.4.2 FortiSandbox 4.4.1 FortiSandbox 4.4.0 FortiSandbox PaaS 23.4.4374 FortiSandbox PaaS 23.4.4350 FortiSandbox PaaS 23.3.4329 FortiSandbox PaaS 23.1.4245 FortiSandbox PaaS 22.2.4151 FortiSandbox PaaS 22.2.4134 FortiSandbox PaaS 22.1.4113 FortiSandbox PaaS 21.4.4072 FortiSandbox PaaS 21.3.4055 FortiSandbox PaaS 5.0.5 FortiSandbox PaaS 5.0.4 FortiSandbox PaaS 5.0.3 FortiSandbox PaaS 5.0.2 FortiSandbox PaaS 5.0.1 Credential disclosure in LDAP configuration web page. CVE-2026-27316 FortiSandbox-5.0.5 FortiSandbox-5.0.4 FortiSandbox-5.0.3 FortiSandbox-5.0.2 FortiSandbox-5.0.1 FortiSandbox-5.0.0 FortiSandbox-4.4.9 FortiSandbox-4.4.8 FortiSandbox-4.4.7 FortiSandbox-4.4.6 FortiSandbox-4.4.5 FortiSandbox-4.4.4 FortiSandbox-4.4.3 FortiSandbox-4.4.2 FortiSandbox-4.4.1 FortiSandbox-4.4.0 FortiSandbox PaaS-23.4.4374 FortiSandbox PaaS-23.4.4350 FortiSandbox PaaS-23.3.4329 FortiSandbox PaaS-23.1.4245 FortiSandbox PaaS-22.2.4151 FortiSandbox PaaS-22.2.4134 FortiSandbox PaaS-22.1.4113 FortiSandbox PaaS-21.4.4072 FortiSandbox PaaS-21.3.4055 FortiSandbox PaaS-5.0.5 FortiSandbox PaaS-5.0.4 FortiSandbox PaaS-5.0.3 FortiSandbox PaaS-5.0.2 FortiSandbox PaaS-5.0.1 2.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C https://fortiguard.fortinet.com/psirt/FG-IR-26-113 Credential disclosure in LDAP configuration web page. Reference>