{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25089", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "state": "PUBLISHED", "assignerShortName": "fortinet", "dateReserved": "2026-01-29T09:27:29.820Z", "datePublished": "2026-06-09T14:27:47.492Z", "dateUpdated": "2026-06-10T13:35:01.375Z"}, "containers": {"cna": {"affected": [{"vendor": "Fortinet", "product": "FortiSandbox", "cpes": ["cpe:2.3:a:fortinet:fortisandbox:5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:5.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.2.1:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "5.0.0", "lessThanOrEqual": "5.0.5", "status": "affected"}, {"versionType": "semver", "version": "4.4.0", "lessThanOrEqual": "4.4.8", "status": "affected"}, {"versionType": "semver", "version": "4.2.1", "lessThanOrEqual": "4.2.8", "status": "affected"}]}, {"vendor": "Fortinet", "product": "FortiSandbox Cloud", "cpes": ["cpe:2.3:a:fortinet:fortisandboxcloud:5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandboxcloud:5.0.4:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "5.0.4", "lessThanOrEqual": "5.0.5", "status": "affected"}]}, {"vendor": "Fortinet", "product": "FortiSandbox PaaS", "cpes": ["cpe:2.3:a:fortinet:fortisandboxpaas:5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandboxpaas:5.0.4:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "5.0.4", "lessThanOrEqual": "5.0.5", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4 through 5.0.5, FortiSandbox PaaS 5.0.4 through 5.0.5 may allow an unauthenticated attacker to execute unauthorized commands via specifically crafted HTTP requests"}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2026-06-09T14:27:47.492Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-78", "description": "Execute unauthorized code or commands", "type": "CWE"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C"}}], "solutions": [{"lang": "en", "value": "Upgrade to upcoming FortiSandbox version 5.2.0 or above\nUpgrade to FortiSandbox version 5.0.6 or above\nUpgrade to FortiSandbox version 4.4.9 or above\nUpgrade to upcoming FortiSandbox PaaS version 5.2.0 or above\nUpgrade to FortiSandbox PaaS version 5.0.6 or above\nFortinet remediated this issue in FortiSandbox Cloud version 5.2.0 (not released) and hence customers do not need to perform any action.\nFortinet remediated this issue in FortiSandbox Cloud version 5.0.6 (not released) and hence customers do not need to perform any action."}], "references": [{"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-141", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-141"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-10T03:58:38.447554Z", "id": "CVE-2026-25089", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-10T13:35:01.375Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-25089", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-06-10T03:58:38.447554Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-09T15:36:07.778Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"cpes": ["cpe:2.3:a:fortinet:fortisandbox:5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:5.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.2.1:*:*:*:*:*:*:*"], "vendor": "Fortinet", "product": "FortiSandbox", "versions": [{"status": "affected", "version": "5.0.0", "versionType": "semver", "lessThanOrEqual": "5.0.5"}, {"status": "affected", "version": "4.4.0", "versionType": "semver", "lessThanOrEqual": "4.4.8"}, {"status": "affected", "version": "4.2.1", "versionType": "semver", "lessThanOrEqual": "4.2.8"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:fortinet:fortisandboxcloud:5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandboxcloud:5.0.4:*:*:*:*:*:*:*"], "vendor": "Fortinet", "product": "FortiSandbox Cloud", "versions": [{"status": "affected", "version": "5.0.4", "versionType": "semver", "lessThanOrEqual": "5.0.5"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:fortinet:fortisandboxpaas:5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandboxpaas:5.0.4:*:*:*:*:*:*:*"], "vendor": "Fortinet", "product": "FortiSandbox PaaS", "versions": [{"status": "affected", "version": "5.0.4", "versionType": "semver", "lessThanOrEqual": "5.0.5"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to upcoming FortiSandbox version 5.2.0 or above\nUpgrade to FortiSandbox version 5.0.6 or above\nUpgrade to FortiSandbox version 4.4.9 or above\nUpgrade to upcoming FortiSandbox PaaS version 5.2.0 or above\nUpgrade to FortiSandbox PaaS version 5.0.6 or above\nFortinet remediated this issue in FortiSandbox Cloud version 5.2.0 (not released) and hence customers do not need to perform any action.\nFortinet remediated this issue in FortiSandbox Cloud version 5.0.6 (not released) and hence customers do not need to perform any action."}], "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-141", "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-141"}], "descriptions": [{"lang": "en", "value": "A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4 through 5.0.5, FortiSandbox PaaS 5.0.4 through 5.0.5 may allow an unauthenticated attacker to execute unauthorized commands via specifically crafted HTTP requests"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "Execute unauthorized code or commands"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2026-06-09T14:27:47.492Z"}}}, "cveMetadata": {"cveId": "CVE-2026-25089", "state": "PUBLISHED", "dateUpdated": "2026-06-10T13:35:01.375Z", "dateReserved": "2026-01-29T09:27:29.820Z", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2026-06-09T14:27:47.492Z", "assignerShortName": "fortinet"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*", "matchCriteriaId": "814D77BE-F536-42DE-B068-F92B95D68248", "versionEndIncluding": "4.2.8", "versionStartIncluding": "4.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*", "matchCriteriaId": "0025C9C0-8D61-4563-96F9-F4E09DD83B26", "versionEndExcluding": "4.4.9", "versionStartIncluding": "4.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*", "matchCriteriaId": "3AAEF316-2134-4398-911C-E7532CD3AFF2", "versionEndExcluding": "5.0.6", "versionStartIncluding": "5.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortisandbox_cloud:*:*:*:*:*:*:*:*", "matchCriteriaId": "D479507F-4DD8-4455-A8DB-138AD56C6822", "versionEndExcluding": "5.0.6", "versionStartIncluding": "5.0.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortisandbox_paas:*:*:*:*:*:*:*:*", "matchCriteriaId": "61A9A2E9-3086-4172-B3A3-212873B8C4A9", "versionEndExcluding": "5.0.6", "versionStartIncluding": "5.0.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4 through 5.0.5, FortiSandbox PaaS 5.0.4 through 5.0.5 may allow an unauthenticated attacker to execute unauthorized commands via specifically crafted HTTP requests"}], "id": "CVE-2026-25089", "lastModified": "2026-06-11T21:39:00.893", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "psirt@fortinet.com", "type": "Secondary"}]}, "published": "2026-06-09T16:16:39.943", "references": [{"source": "psirt@fortinet.com", "tags": ["Vendor Advisory"], "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-141"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "psirt@fortinet.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[5.0.0,5.0.5]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[4.4.0,4.4.8]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[4.2.1,4.2.8]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "inferred", "scores": [{"score": 100.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "FortiSandbox", "source": "cna", "vendor": "Fortinet"}, "product": "fortisandbox", "vendor": "fortinet"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[5.0.4,5.0.5]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "inferred", "scores": [{"score": 100.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "FortiSandbox Cloud", "source": "cna", "vendor": "Fortinet"}, "product": "fortisandboxcloud", "vendor": "fortinet"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[5.0.4,5.0.5]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "inferred", "scores": [{"score": 100.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "FortiSandbox PaaS", "source": "cna", "vendor": "Fortinet"}, "product": "fortisandboxpaas", "vendor": "fortinet"}], "created": "2026-06-09T17:00:09.696952+00:00", "title": "FortiSandbox OS Command Injection Vulnerability", "updated": "2026-06-24T13:15:15.420790+00:00", "vendors": ["fortinet", "fortinet$PRODUCT$fortisandbox", "fortinet$PRODUCT$fortisandboxcloud", "fortinet$PRODUCT$fortisandboxpaas"]}