VDB

CVE-2026-25089

CVE-2026-25089 PUBLISHED CVSS 9.800000190734863 CRITICAL

CVE-2026-25089 is a critical OS command injection vulnerability, with CVSS score of 9.8, affecting FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox Cloud 5.0.4 through 5.0.5, and FortiSandbox PaaS 5.0.4 through 5.0.5. The vulnerability arises from improper neutralization of special elements used in an OS command in FortiSandbox, FortiSandbox Cloud and FortiSandbox PaaS WEB UI, allowing an unauthenticated remote attacker to execute unauthorized commands through specially crafted HTTP requests.

Risk Scores

CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Timeline

  • Jun 9, 2026 CVE Published
  • Jun 10, 2026 Coalition ESS Score
  • Jun 10, 2026 Security Advisory
Open in Interactive Console →
$ Console Community · 100/wk Open console ›