Hacker News·4 min read·hard

CVE-2026-25089: FortiSandbox unauthenticated command injection added to CISA KEV

S
slvnx
CVE-2026-25089: FortiSandbox unauthenticated command injection added to CISA KEV
AI Summary

CISA has added a critical unauthenticated command injection vulnerability in Fortinet's FortiSandbox to its Known Exploited Vulnerabilities catalog. The flaw allows attackers to execute arbitrary commands via the web interface, posing a significant risk to enterprise networks.

Fortinet FortiSandbox contains an unauthenticated OS command injection vulnerability in its web interface. Fortinet's CNA record assigns CVSS 9.8, while its PSIRT advisory lists 9.1; NVD has not issued an independent score. Defused reported exploitation attempts in mid-June, and CISA added CVE-2026-25089 to KEV on July 16 with a July 19 deadline for applicable FCEB systems. This is the third FortiSandbox vulnerability exploited in the wild within two months.

Continue reading on Headlinne

Create a free account to read the full article.

Read full article →
technologybusiness

Get the full story

Sign up for Headlinne to unlock AI insights, political bias analysis, and your personalized news feed.

Create free account

Already have an account? Sign in