CVE-2026-25089: FortiSandbox unauthenticated command injection added to CISA KEV

CISA has added a critical unauthenticated command injection vulnerability in Fortinet's FortiSandbox to its Known Exploited Vulnerabilities catalog. The flaw allows attackers to execute arbitrary commands via the web interface, posing a significant risk to enterprise networks.
Fortinet FortiSandbox contains an unauthenticated OS command injection vulnerability in its web interface. Fortinet's CNA record assigns CVSS 9.8, while its PSIRT advisory lists 9.1; NVD has not issued an independent score. Defused reported exploitation attempts in mid-June, and CISA added CVE-2026-25089 to KEV on July 16 with a July 19 deadline for applicable FCEB systems. This is the third FortiSandbox vulnerability exploited in the wild within two months.
Get the full story
Sign up for Headlinne to unlock AI insights, political bias analysis, and your personalized news feed.
Create free accountAlready have an account? Sign in