Cyber Posture

CVE-2024-54026

Severity: Medium
Published: 11 March 2025
Modified: 14 January 2026
KEV Added: not listed
CVSS Score: 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
EPSS Score: 0.0032 (55.1st percentile)
Risk Priority: 9 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-54026 is a medium-severity SQL Injection (CWE-89) vulnerability in Fortinet FortiSandbox. Its CVSS base score is 4.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 44.9% of CVEs by exploit likelihood (EPSS) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent)

Directly implements input validation mechanisms to neutralize special elements in SQL commands, preventing SQL injection via crafted HTTP requests.

SI-2 Flaw Remediation (prevent, recover)

Requires timely identification, reporting, and correction of flaws like this SQL injection vulnerability through patching.

Vulnerability monitoring and scanning (detect)

Monitors and scans for vulnerabilities such as CVE-2024-54026 to identify and prioritize remediation efforts.

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

SQL injection via crafted HTTP requests in a network-accessible web application (FortiSandbox) directly enables exploitation of public-facing applications for initial access.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

An improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiSandbox 4.4.0 through 4.4.6, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0 all versions, FortiSandbox Cloud 24.1 allows attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

Deeper analysis

CVE-2024-54026 is an SQL injection vulnerability (CWE-89) caused by improper neutralization of special elements in SQL commands. It affects Fortinet FortiSandbox versions 4.4.0 through 4.4.6, all versions of FortiSandbox 4.2, 4.0, 3.2, 3.1 and 3.0, and FortiSandbox Cloud 24.1. The flaw allows attackers to execute unauthorized code or commands through specifically crafted HTTP requests. The vulnerability has a CVSS v3.1 base score of 4.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N), a Medium rating whose scored impact is limited to confidentiality.

An attacker with low privileges (PR:L) can exploit this over the network (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N). By sending crafted HTTP requests, the attacker can inject malicious SQL, potentially leading to unauthorized code or command execution; per the CVSS vector, however, the scored impact is confined to a low loss of confidentiality (C:L) with no integrity or availability impact (I:N/A:N).

Fortinet has published advisory FG-IR-24-353 at https://fortiguard.fortinet.com/psirt/FG-IR-24-353, which provides details on the vulnerability and recommended mitigations or patches.

Details

CWE(s): CWE-89 (SQL Injection)

Affected Products

- fortinet fortisandbox: 3.0.0 to 4.4.7
- fortinet fortisandbox cloud: 24.1

CVEs Like This One

- CVE-2025-52436 (same product: Fortinet FortiSandbox)
- CVE-2025-59922 (same vendor: Fortinet)
- CVE-2026-21643 (same vendor: Fortinet)
- CVE-2025-61848 (same vendor: Fortinet)
- CVE-2025-49784 (same vendor: Fortinet)
- CVE-2024-52960 (same product: Fortinet FortiSandbox)
- CVE-2024-52961 (same product: Fortinet FortiSandbox)
- CVE-2026-39815 (same vendor: Fortinet)
- CVE-2026-25836 (same product: Fortinet FortiSandbox Cloud)
- CVE-2026-39808 (same product: Fortinet FortiSandbox)
