CVE-2026-25089

Name of the Vulnerable Software and Affected Versions FortiSandbox versions 5.0.0 through 5.0.5 FortiSandbox versions 4.4.0 through 4.4.8 FortiSandbox version 4.2 FortiSandbox Cloud versions 5.0.4 through 5.0.5 FortiSandbox PaaS versions 5.0.4 through 5.0.5

Description An OS command injection issue exists where improper neutralization of special elements used in an OS command allows an unauthenticated attacker to execute unauthorized commands via specifically crafted HTTP requests. OS command injection is a flaw that allows an attacker to execute arbitrary operating system commands on the server running the application.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.