CYBERSIXT Signal Over Noise
All CVEs
Vulnerability intelligence

CVE-2026-25089

CWE-78

A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4 through 5.0.5, FortiSandbox PaaS 5.0.4 through 5.0.5 may allow an unauthenticated attacker to execute unauthorized commands via specifically crafted HTTP requests

CVSS Score
9.1
Critical
EPSS — Exploit Probability
2.0%
Riskier than 84% of all CVEs
Exploitation
Not in CISA KEV
No federal exploitation record
Remediation
unknown
Check vendor advisories
NVD entry PoC / advisory

2 articles across 2 outlets · first covered Jun 10, 2026 · latest Jun 10, 2026

Tracked incidents

vulnerability open 4 articles
Multiple critical vulnerabilities disclosed in Ivanti Sentry and Fortinet products

Coverage timeline