CVE-2026-25089
Fortinet FortiSandbox OS Command Injection Vulnerability
⚠ KEVEPSS 23.4%
Description
Fortinet FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS contain an OS command injection vulnerability that allows an unauthenticated attacker to execute unauthorized commands via specifically crafted HTTP requests.
How to fix CVE-2026-25089
No package mapping is available — consult the references below for vendor-specific guidance.
Is CVE-2026-25089 being exploited?
Yes — CVE-2026-25089 is on the CISA Known Exploited Vulnerabilities (KEV) catalog. Patch immediately.
Affected packages (0)
No package mapping in OSV.