CVE-2026-25089 allows a remote, unauthenticated attacker to execute arbitrary commands on vulnerable appliances.
| Vendor | Product | Versions |
|---|---|---|
| fortinet | fortisandbox | 5.0.0, 4.4.0, 4.2.1, 5.0.4, 5.0.4, FortiSandbox 4.4.0 - 4.4.8, FortiSandbox 5.0.0 - 5.0.5, FortiAnalyzer Cloud 7.6.2 - 7.6.4, FortiManager Cloud 7.6.2 - 7.6.4, FortiDDoS-F 7.2.1 - 7.2.2 |
Downstream vendors/products affected by this vulnerability
| Vendor | Product | Source | Confidence |
|---|---|---|---|
| fortinet | fortisandbox cloud | mitre_affected | 90% |
| fortinet | fortisandbox paas | mitre_affected | 90% |
| fortinet | fortisandbox | cert_advisory | 90% |
| fortinet | fortisandbox_cloud | cve_cpe | 95% |
| fortinet | fortisandbox_paas | cve_cpe | 95% |
Updated description to specify that CVE-2026-25089 allows arbitrary command execution and noted that it was patched in June 2026.
Updated CVSS score to 9.8, added affected version 4.4.9, marked exploit as available, and confirmed patch available for 4.4.9.
Updated patch version to 5.0.6, added new affected versions, and marked the vulnerability as actively exploited.
Updated affected versions to include 4.4.9, confirmed patch available as 5.0.6, and marked exploit as available and actively exploited.
Added affected version 5.2 and updated patch available to 5.0.6.
Initial creation
