CVE-2026-25089: Fortinet FortiSandbox OS Command Injection Vulnerability
Summary
A critical OS command injection vulnerability (CVE-2026-25089) has been identified in Fortinet FortiSandbox products. An unauthenticated attacker can exploit this flaw via crafted HTTP requests to execute unauthorized commands. Organizations are urged to apply vendor-provided mitigations and adhere to CISA's risk-based patching guidance.
IFF Assessment
This vulnerability allows unauthenticated attackers to execute unauthorized commands, posing a significant risk to the integrity and confidentiality of systems protected by FortiSandbox.
Severity
The vulnerability has a high impact, allowing for full system compromise through OS command injection. It is exploitable remotely over HTTP without authentication, making it highly accessible to attackers.
CISA KEV: Listed as actively exploited. Federal patch due: July 19, 2026. Known ransomware use: Unknown.
Defender Context
This vulnerability represents a significant threat, as it allows for unauthenticated remote command execution on critical security appliances. Defenders must prioritize patching or mitigating this flaw in Fortinet FortiSandbox environments to prevent potential compromise and further network intrusion.