VDB
CVE-2026-25089
CVE-2026-25089
PUBLISHED
CVSS 9.800000190734863 CRITICAL
CVE-2026-25089 is a critical OS command injection vulnerability, with CVSS score of 9.8, affecting FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox Cloud 5.0.4 through 5.0.5, and FortiSandbox PaaS 5.0.4 through 5.0.5. The vulnerability arises from improper neutralization of special elements used in an OS command in FortiSandbox, FortiSandbox Cloud and FortiSandbox PaaS WEB UI, allowing an unauthenticated remote attacker to execute unauthorized commands through specially crafted HTTP requests.
Risk Scores
CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Timeline
- Jun 9, 2026 CVE Published
- Jun 10, 2026 Coalition ESS Score
- Jun 10, 2026 Security Advisory