Fortinet FortiSandbox has disclosed vulnerabilities with a CVSSv3 score of 9.1 mapping to CWE-78 (OS command injection) and CWE-79 (stored cross-site scripting enabling downstream command execution), allowing unauthorized command execution from the management interface. Confirmed CVE identifiers and affected version ranges are not yet published in an official Fortinet PSIRT advisory as of rollup generation — all technical details require verification against the Fortinet FortiGuard PSIRT portal before production action. Despite the data confidence gap, the severity class and weakness types warrant immediate management-plane exposure reduction.