{"api_version":"1","generated_at":"2026-06-09T18:22:08+00:00","cve":"CVE-2026-25089","urls":{"html":"https://cve.report/CVE-2026-25089","api":"https://cve.report/api/cve/CVE-2026-25089.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-25089","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-25089"},"summary":{"title":"CVE-2026-25089","description":"A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4 through 5.0.5, FortiSandbox PaaS 5.0.4 through 5.0.5 may allow an unauthenticated attacker to execute unauthorized commands via specifically crafted HTTP requests","state":"PUBLISHED","assigner":"fortinet","published_at":"2026-06-09 16:16:39","updated_at":"2026-06-09 16:16:39"},"problem_types":["CWE-78","CWE-78 Execute unauthorized code or commands"],"metrics":[{"version":"3.1","source":"psirt@fortinet.com","type":"Secondary","score":"9.8","severity":"CRITICAL","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"9.1","severity":"CRITICAL","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.1,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C","version":"3.1"}}],"references":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-26-141","name":"https://fortiguard.fortinet.com/psirt/FG-IR-26-141","refsource":"psirt@fortinet.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-25089","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25089","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Fortinet","product":"FortiSandbox","version":"affected 5.0.0 5.0.5 semver","platforms":[]},{"source":"CNA","vendor":"Fortinet","product":"FortiSandbox","version":"affected 4.4.0 4.4.8 semver","platforms":[]},{"source":"CNA","vendor":"Fortinet","product":"FortiSandbox","version":"affected 4.2.1 4.2.8 semver","platforms":[]},{"source":"CNA","vendor":"Fortinet","product":"FortiSandbox Cloud","version":"affected 5.0.4 5.0.5 semver","platforms":[]},{"source":"CNA","vendor":"Fortinet","product":"FortiSandbox PaaS","version":"affected 5.0.4 5.0.5 semver","platforms":[]}],"timeline":[],"solutions":[{"source":"CNA","title":"","value":"Upgrade to upcoming  FortiSandbox version 5.2.0 or above\nUpgrade to FortiSandbox version 5.0.6 or above\nUpgrade to FortiSandbox version 4.4.9 or above\nUpgrade to upcoming  FortiSandbox PaaS version 5.2.0 or above\nUpgrade to FortiSandbox PaaS version 5.0.6 or above\nFortinet remediated this issue in FortiSandbox Cloud version 5.2.0 (not released) and hence customers do not need to perform any action.\nFortinet remediated this issue in FortiSandbox Cloud version 5.0.6 (not released) and hence customers do not need to perform any action.","time":"","lang":"en"}],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-25089","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2026-06-09T15:35:58.866785Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-06-09T15:36:21.741Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"cpes":["cpe:2.3:a:fortinet:fortisandbox:5.0.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:5.0.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:5.0.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:5.0.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:5.0.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:5.0.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.4.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.4.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.4.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.4.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.4.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.4.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.4.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.4.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.4.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.2.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.2.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.2.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.2.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.2.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.2.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.2.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.2.1:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","product":"FortiSandbox","vendor":"Fortinet","versions":[{"lessThanOrEqual":"5.0.5","status":"affected","version":"5.0.0","versionType":"semver"},{"lessThanOrEqual":"4.4.8","status":"affected","version":"4.4.0","versionType":"semver"},{"lessThanOrEqual":"4.2.8","status":"affected","version":"4.2.1","versionType":"semver"}]},{"cpes":["cpe:2.3:a:fortinet:fortisandboxcloud:5.0.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandboxcloud:5.0.4:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","product":"FortiSandbox Cloud","vendor":"Fortinet","versions":[{"lessThanOrEqual":"5.0.5","status":"affected","version":"5.0.4","versionType":"semver"}]},{"cpes":["cpe:2.3:a:fortinet:fortisandboxpaas:5.0.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandboxpaas:5.0.4:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","product":"FortiSandbox PaaS","vendor":"Fortinet","versions":[{"lessThanOrEqual":"5.0.5","status":"affected","version":"5.0.4","versionType":"semver"}]}],"descriptions":[{"lang":"en","value":"A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4 through 5.0.5, FortiSandbox PaaS 5.0.4 through 5.0.5 may allow an unauthenticated attacker to execute unauthorized commands via specifically crafted HTTP requests"}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.1,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-78","description":"Execute unauthorized code or commands","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-09T14:27:47.492Z","orgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","shortName":"fortinet"},"references":[{"name":"https://fortiguard.fortinet.com/psirt/FG-IR-26-141","url":"https://fortiguard.fortinet.com/psirt/FG-IR-26-141"}],"solutions":[{"lang":"en","value":"Upgrade to upcoming  FortiSandbox version 5.2.0 or above\nUpgrade to FortiSandbox version 5.0.6 or above\nUpgrade to FortiSandbox version 4.4.9 or above\nUpgrade to upcoming  FortiSandbox PaaS version 5.2.0 or above\nUpgrade to FortiSandbox PaaS version 5.0.6 or above\nFortinet remediated this issue in FortiSandbox Cloud version 5.2.0 (not released) and hence customers do not need to perform any action.\nFortinet remediated this issue in FortiSandbox Cloud version 5.0.6 (not released) and hence customers do not need to perform any action."}]}},"cveMetadata":{"assignerOrgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","assignerShortName":"fortinet","cveId":"CVE-2026-25089","datePublished":"2026-06-09T14:27:47.492Z","dateReserved":"2026-01-29T09:27:29.820Z","dateUpdated":"2026-06-09T15:36:21.741Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-06-09 16:16:39","lastModifiedDate":"2026-06-09 16:16:39","problem_types":["CWE-78","CWE-78 Execute unauthorized code or commands"],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"25089","Ordinal":"1","Title":"CVE-2026-25089","CVE":"CVE-2026-25089","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"25089","Ordinal":"1","NoteData":"A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4 through 5.0.5, FortiSandbox PaaS 5.0.4 through 5.0.5 may allow an unauthenticated attacker to execute unauthorized commands via specifically crafted HTTP requests","Type":"Description","Title":"CVE-2026-25089"}]}}}