HeadlinesBriefing favicon HeadlinesBriefing.com

FortiSandbox CVE-2026-25089: Critical Command Injection

Hacker News •
×

A critical OS command injection vulnerability, CVE-2026-25089, has been discovered in Fortinet FortiSandbox's web interface. Assigned a CVSS score of 9.8, this flaw allows unauthenticated attackers to inject malicious commands by exploiting the "start VNC" feature. Exploitation attempts have been observed since mid-June 2026, prompting CISA to add it to their Known Exploited Vulnerabilities (KEV) catalog.

This marks the third FortiSandbox vulnerability actively exploited in the wild within two months, following CVE-2026-39808 and CVE-2026-39813. The vulnerability affects various versions of FortiSandbox, including 4.2.x, 4.4.0–4.4.8, and 5.0.0–5.0.5. Fortinet has released patches for versions 4.4.9+ and 5.0.6+.

Organizations are urged to identify exposed FortiSandbox instances on their networks using methods like port scanning and analyzing HTTP headers. Immediate patching is recommended, and restricting access to the management interface is crucial to mitigate risk. The compromise of FortiSandbox can impact integrated Fortinet products, necessitating a review of connected workflows and logs for any unusual activity.