CVE-2026-25691

Name of the Vulnerable Software and Affected Versions FortiSandbox versions 5.0.0 through 5.0.5 FortiSandbox versions 4.4.0 through 4.4.8 FortiSandbox version 4.2 FortiSandbox Cloud version 5.0.4 FortiSandbox PaaS version 5.0.4

Description An improper limitation of a pathname to a restricted directory, known as path traversal, exists in the system. This issue may allow a privileged attacker with super-admin profile and CLI access to delete an arbitrary directory by sending crafted HTTP requests.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.