VDB
GCVE-110-NCSC-2026-189
GCVE-110-NCSC-2026-189
Advisory PublishedCVSS 9.8/10
Fortinet FortiSandbox versions 4.2 through 5.0.5, including Cloud and PaaS variants, contain an OS command injection vulnerability allowing unauthenticated attackers to execute unauthorized commands via crafted HTTP requests.
Weaknesses (CWE)
CWE-78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Risk Scores
CVSS 3.1
9.8/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Fortinet | vers:unknown/* | — | — |
Aliases
Browse GCVE Records
73,040 records in the GCVE database · Updated July 15, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.