← العودة للجدول
CVE-2026-25089
Fortinet FortiSandbox OS Command Injection Vulnerability Added to KEV
📅 2026-07-16
🟠 High 🔥 Yes CISA KEV Vulnerability Fortinet

📋 الوصف الكامل

Fortinet FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS contain an OS command injection vulnerability that allows an unauthenticated attacker to execute unauthorized commands via specifically crafted HTTP requests. | Required: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.

💻 الأنظمة المتأثرة

Fortinet FortiSandbox

⚠️ نوع التهديد

Vulnerability

🔗 CVE ID

CVE-2026-25089

📡 المصدر

CISA KEV

✅ الحلول والتخفيف

Apply patch by 2026-07-19

🔗 المصدر الأصلي ← 📘 NVD ← ⚡ CISA KEV ← 🔍 Valters IT ←