VDB

GCVE-110-NCSC-2026-189

GCVE-110-NCSC-2026-189
Advisory PublishedCVSS 9.8/10
Vulnetix · Advisory published June 11, 2026
Fortinet FortiSandbox versions 4.2 through 5.0.5, including Cloud and PaaS variants, contain an OS command injection vulnerability allowing unauthenticated attackers to execute unauthorized commands via crafted HTTP requests.

Weaknesses (CWE)

CWE-78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Risk Scores

CVSS 3.1
9.8/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

Affected Products

VendorProductVersionsPlatforms
Fortinetvers:unknown/*

References

advisory
advisory
advisory

Browse GCVE Records

73,040 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›