{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-39812", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "state": "PUBLISHED", "assignerShortName": "fortinet", "dateReserved": "2026-04-07T15:24:11.535Z", "datePublished": "2026-04-14T15:38:18.366Z", "dateUpdated": "2026-04-14T16:46:15.629Z"}, "containers": {"cna": {"affected": [{"vendor": "Fortinet", "product": "FortiSandbox", "cpes": ["cpe:2.3:a:fortinet:fortisandbox:5.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.2.1:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "5.0.0", "lessThanOrEqual": "5.0.4", "status": "affected"}, {"versionType": "semver", "version": "4.4.0", "lessThanOrEqual": "4.4.8", "status": "affected"}, {"versionType": "semver", "version": "4.2.1", "lessThanOrEqual": "4.2.8", "status": "affected"}]}, {"vendor": "Fortinet", "product": "FortiSandbox PaaS", "cpes": ["cpe:2.3:a:fortinet:fortisandboxpaas:5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandboxpaas:5.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandboxpaas:5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandboxpaas:5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandboxpaas:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandboxpaas:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandboxpaas:4.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandboxpaas:4.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandboxpaas:4.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandboxpaas:4.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandboxpaas:4.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandboxpaas:4.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandboxpaas:4.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandboxpaas:4.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandboxpaas:4.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandboxpaas:4.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandboxpaas:4.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandboxpaas:4.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandboxpaas:4.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandboxpaas:4.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandboxpaas:4.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandboxpaas:4.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandboxpaas:4.2.1:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "5.0.0", "lessThanOrEqual": "5.0.5", "status": "affected"}, {"versionType": "semver", "version": "4.4.0", "lessThanOrEqual": "4.4.8", "status": "affected"}, {"versionType": "semver", "version": "4.2.1", "lessThanOrEqual": "4.2.8", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox PaaS 5.0.0 through 5.0.5, FortiSandbox PaaS 4.4.0 through 4.4.8, FortiSandbox PaaS 4.2 all versions may allow attacker to execute unauthorized code or commands via <insert attack vector here>"}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2026-04-14T15:38:18.366Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-79", "description": "Execute unauthorized code or commands", "type": "CWE"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C"}}], "solutions": [{"lang": "en", "value": "Upgrade to FortiSandbox version 5.0.6 or above\nUpgrade to FortiSandbox version 4.4.9 or above\nUpgrade to FortiSandbox PaaS version 5.0.6 or above\nUpgrade to FortiSandbox PaaS version 4.4.9 or above"}], "references": [{"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-110", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-110"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-39812", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-14T16:26:08.654637Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T16:46:15.629Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-39812", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-14T16:26:08.654637Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T16:37:14.786Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}], "affected": [{"cpes": ["cpe:2.3:a:fortinet:fortisandbox:5.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.2.1:*:*:*:*:*:*:*"], "vendor": "Fortinet", "product": "FortiSandbox", "versions": [{"status": "affected", "version": "5.0.0", "versionType": "semver", "lessThanOrEqual": "5.0.4"}, {"status": "affected", "version": "4.4.0", "versionType": "semver", "lessThanOrEqual": "4.4.8"}, {"status": "affected", "version": "4.2.1", "versionType": "semver", "lessThanOrEqual": "4.2.8"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:fortinet:fortisandboxpaas:5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandboxpaas:5.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandboxpaas:5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandboxpaas:5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandboxpaas:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandboxpaas:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandboxpaas:4.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandboxpaas:4.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandboxpaas:4.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandboxpaas:4.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandboxpaas:4.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandboxpaas:4.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandboxpaas:4.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandboxpaas:4.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandboxpaas:4.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandboxpaas:4.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandboxpaas:4.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandboxpaas:4.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandboxpaas:4.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandboxpaas:4.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandboxpaas:4.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandboxpaas:4.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandboxpaas:4.2.1:*:*:*:*:*:*:*"], "vendor": "Fortinet", "product": "FortiSandbox PaaS", "versions": [{"status": "affected", "version": "5.0.0", "versionType": "semver", "lessThanOrEqual": "5.0.5"}, {"status": "affected", "version": "4.4.0", "versionType": "semver", "lessThanOrEqual": "4.4.8"}, {"status": "affected", "version": "4.2.1", "versionType": "semver", "lessThanOrEqual": "4.2.8"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to FortiSandbox version 5.0.6 or above\nUpgrade to FortiSandbox version 4.4.9 or above\nUpgrade to FortiSandbox PaaS version 5.0.6 or above\nUpgrade to FortiSandbox PaaS version 4.4.9 or above"}], "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-110", "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-110"}], "descriptions": [{"lang": "en", "value": "A improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox PaaS 5.0.0 through 5.0.5, FortiSandbox PaaS 4.4.0 through 4.4.8, FortiSandbox PaaS 4.2 all versions may allow attacker to execute unauthorized code or commands via <insert attack vector here>"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "Execute unauthorized code or commands"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2026-04-14T15:38:18.366Z"}}}, "cveMetadata": {"cveId": "CVE-2026-39812", "state": "PUBLISHED", "dateUpdated": "2026-04-14T16:46:15.629Z", "dateReserved": "2026-04-07T15:24:11.535Z", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2026-04-14T15:38:18.366Z", "assignerShortName": "fortinet"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*", "matchCriteriaId": "814D77BE-F536-42DE-B068-F92B95D68248", "versionEndIncluding": "4.2.8", "versionStartIncluding": "4.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*", "matchCriteriaId": "0025C9C0-8D61-4563-96F9-F4E09DD83B26", "versionEndExcluding": "4.4.9", "versionStartIncluding": "4.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*", "matchCriteriaId": "3AAEF316-2134-4398-911C-E7532CD3AFF2", "versionEndExcluding": "5.0.6", "versionStartIncluding": "5.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortisandbox_cloud:*:*:*:*:*:*:*:*", "matchCriteriaId": "4ADBF898-6FFB-4DBF-AF54-67D431353496", "versionEndIncluding": "23.1.4260", "versionStartIncluding": "22.2.4134", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortisandbox_cloud:*:*:*:*:*:*:*:*", "matchCriteriaId": "C1D4D476-ECDB-453B-B69C-E9CD894B4FC8", "versionEndIncluding": "24.1.4436", "versionStartIncluding": "23.3.4329", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortisandbox_cloud:5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "E5E86B19-95E8-4107-85DC-EFE47225418C", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortisandbox_cloud:5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "FDAB696D-20A1-4C1A-8DD6-FDECD560AC9C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox PaaS 5.0.0 through 5.0.5, FortiSandbox PaaS 4.4.0 through 4.4.8, FortiSandbox PaaS 4.2 all versions may allow attacker to execute unauthorized code or commands via <insert attack vector here>"}], "id": "CVE-2026-39812", "lastModified": "2026-04-21T17:12:33.610", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "psirt@fortinet.com", "type": "Secondary"}]}, "published": "2026-04-14T16:16:45.490", "references": [{"source": "psirt@fortinet.com", "tags": ["Vendor Advisory"], "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-110"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "psirt@fortinet.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[5.0.0,5.0.5]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[4.4.0,4.4.8]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[4.2.1,4.2.8]"}}], "enrichment": {"confidence": 98.0, "confidence_source": "matching", "scores": [{"score": 98.0, "source": "matching"}]}, "original": {"product": "FortiSandbox PaaS", "source": "cna", "vendor": "Fortinet"}, "product": "_fortisandbox_paas", "vendor": "fortinet"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[5.0.0,5.0.4]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[4.4.0,4.4.8]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[4.2.1,4.2.8]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "FortiSandbox", "source": "cna", "vendor": "Fortinet"}, "product": "fortisandbox", "vendor": "fortinet"}], "analysis": {"en": {"generated_at": "2026-04-14T17:40:33.991245+00:00", "value": {"mitigation_remediation": ["Upgrade FortiSandbox to version 5.0.6 or later, or 4.4.9 or later. ", "If using FortiSandbox PaaS, upgrade to version 5.0.6 or later, or 4.4.9 or later. ", "After the upgrade, reboot the device and verify the web interface no longer accepts malicious input."], "summary": {"action": "Immediate patch", "impact": "Arbitrary code execution via cross\u2011site scripting"}, "threat_synthesis": {"affected_systems": "Fortinet FortiSandbox versions 5.0.0 through 5.0.5, 4.4.0 through 4.4.8, and all 4.2 releases, as well as FortiSandbox PaaS versions 5.0.0 through 5.0.5, 4.4.0 through 4.4.8, and all 4.2 releases are impacted. Even the earliest 4.2 series is affected.", "description_and_impact": "This vulnerability arises from improper neutralization of user input during web page generation, allowing attackers to inject and execute arbitrary scripts. Attackers could potentially run malicious code or commands within the context of the victim's browser, which can lead to credential theft, session hijacking, and other phishing\u2011style attacks. The weakness is identified as a cross\u2011site scripting issue (CWE\u201179).", "risk_and_exploitability": "The CVSS base score of 4.3 indicates medium severity, and the absence of an EPSS score makes exploitation likelihood uncertain. It is not listed in the CISA KEV catalog, suggesting no known large\u2011scale exploitation yet. Attackers would need to send crafted input to the vulnerable web form, which they can do remotely from the internet. Thus while the risk is moderate, timely patching is advised to prevent a potential denial of service or compromise through client\u2011side exploitation."}}}}, "created": "2026-04-15T14:41:09.659167+00:00", "title": "Cross\u2011Site Scripting Vulnerability in FortiSandbox and FortiSandbox PaaS", "updated": "2026-04-15T15:30:06.819522+00:00", "vendors": ["fortinet", "fortinet$PRODUCT$_fortisandbox_paas", "fortinet$PRODUCT$fortisandbox"]}