Summary
Fortinet patched a critical OS command injection vulnerability (CVE-2026-25089) in FortiSandbox that allows unauthenticated attackers to execute arbitrary commands via the Web UI.
Take Action:
If possible, make sure your FortiSandbox devices are isolated from the internet and only reachable from trusted internal networks or VPNs. Upgrade right away to a patched version (5.0.6 or higher on the 5.0 branch, 4.4.9 or higher on the 4.4 branch). This will become very quickly exploited on publicly accessible interfaces, and then on the rest.
Read the full article on BeyondMachines
This article was originally published on BeyondMachines
Top comments (0)