CVE-2026-25089: FortiSandbox unauthenticated command injection added to CISA KEV
Vulnerabilities & Exploits, Security, Tech Regulation & Compliance(hellorecon.com)view on HackerNews
FortinetFortiSandboxCVE-2026-25089OS command injectionvulnerabilityexploitationsecurity
Author: slvnx
Date: 7/16/2026
Article Summary:
A critical unauthenticated OS command injection vulnerability (CVE-2026-25089) in Fortinet's FortiSandbox allows attackers to inject shell metacharacters via JSON payloads in HTTP requests, affecting versions 4.2.x, 4.4.0–4.4.8, 5.0.0–5.0.5.