CVE-2026-25089 – Fortinet FortiSandbox OS Command Injection

CVE ID :CVE-2026-25089

Published : June 9, 2026, 4:16 p.m. | 19 minutes ago

Description :A improper neutralization of special elements used in an os command (‘os command injection’) vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4 through 5.0.5, FortiSandbox PaaS 5.0.4 through 5.0.5 may allow an unauthenticated attacker to execute unauthorized commands via specifically crafted HTTP requests

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-8045 – Schneider Electric Data Center Expert XXE Information Disclosure

CVE-2026-8025 – SQLi in MOSK Informatics’ CBS Platform

CVE-2026-49948 – Mem0 0.2.8 Missing Authorization via POST /configure Endpoint

CVE-2026-49938 – Fortinet FortiPortal Improper Access Control