www.cisa.gov 7/16/2026, 6:39:51 PM · external

CISA KEV Catalogue Adds FortiSandbox Flaw CVE-2026-25089

Developing story vulnerability 13 articles tracked
Fortinet FortiSandbox vulnerabilities exploited in global FortiBleed campaign
CyberSIXT Evidence Panel
CISA KEV Listed in KEV
Patch Patch Available

THE Known Exploited Vulnerabilities (KEV) Catalog is a resource provided by CISA, aimed at helping organizations manage cybersecurity vulnerabilities that have been actively exploited. It allows users to prioritize vulnerability management and encourages reporting of any vulnerabilities not listed in the catalog. One specific vulnerability highlighted is CVE-2026-25089 related to Fortinet's FortiSandbox, which poses a risk of OS command injection, allowing unauthorized command execution via crafted HTTP requests.

The catalog also offers data in formats like CSV and JSON, along with guidelines for applying mitigations and adhering to security update priorities set by CISA. Users can subscribe for updates on new vulnerabilities.

View Primary Source Via www.cisa.gov

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline