CVE-2026-25089

PUBLISHED

Fortinet · FortiSandbox, FortiSandbox Cloud, FortiSandbox PaaS
PoC available

Confidence

  • Exploitation Status: PoC available
  • Observed in Sensors: No
  • Attempts (30d):
  • Unique Attacker IPs:
  • CISA KEV:
  • CVSS / EPSS: 9.8 Critical / EPSS 2.0%

At a Glance

An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4 through 5.0.5, and FortiSandbox PaaS 5.0.4 through 5.0.5 may allow an unauthenticated attacker to execute unauthorized commands via specifically crafted HTTP requests.

edge

  • CVE Published: Jun 09, 2026
  • CVSS: 9.8 Critical
  • EPSS: 2.0%
  • Attack characteristics: Remote, Low complexity, No user interaction, Unauthenticated

Affected Versions

Vendor     Product              Version              Status
Fortinet   FortiSandbox         5.0.0 to <= 5.0.5    Affected
Fortinet   FortiSandbox         4.4.0 to <= 4.4.8    Affected
Fortinet   FortiSandbox         4.2.1 to <= 4.2.8    Affected
Fortinet   FortiSandbox Cloud   5.0.4 to <= 5.0.5    Affected
Fortinet   FortiSandbox PaaS    5.0.4 to <= 5.0.5    Affected

Recommended Actions

  • Track for updates. Assess relevance to your asset inventory and enrichment workflows.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.