CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership Jun 09, 2026

Fortinet FortiSandbox Vulnerability Allows Attackers to Execute Unauthorized Commands

Cybersecurity News Archived Jun 09, 2026 ✓ Full text saved

Fortinet has disclosed a critical security vulnerability in its FortiSandbox product line that could allow unauthenticated remote attackers to execute arbitrary OS commands through the web interface. The flaw, tracked as CVE-2026-25089 and assigned a CVSSv3 score of 9.1 (Critical), affects multiple versions of FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS deployments. The vulnerability stems from […] The post Fortinet FortiSandbox Vulnerability Allows Attackers to Execute Unauthorized

Full text archived locally
✦ AI Summary · Claude Sonnet


    HomeCyber Security Fortinet FortiSandbox Vulnerability Allows Attackers to Execute Unauthorized Commands By Guru Baran June 9, 2026 Fortinet has disclosed a critical security vulnerability in its FortiSandbox product line that could allow unauthenticated remote attackers to execute arbitrary OS commands through the web interface. The flaw, tracked as CVE-2026-25089 and assigned a CVSSv3 score of 9.1 (Critical), affects multiple versions of FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS deployments. The vulnerability stems from an improper neutralization of special elements used in an OS command (CWE-78) commonly known as OS command injection present in the FortiSandbox Web UI. By sending specifically crafted HTTP requests, a remote, unauthenticated attacker can exploit this flaw to execute unauthorized commands on the underlying system. Because no authentication is required to trigger the vulnerability, the attack complexity is low, and the potential blast radius is significant. Successful exploitation can result in the full compromise of the affected system’s confidentiality, integrity, and availability, which explains its near-maximum CVSS score. The advisory was discovered and reported internally by Adham El Karn of Fortinet’s Product Security team and published on June 9, 2026, under the internal reference FG-IR-26-141. Affected Versions and Fixes The vulnerability impacts the following product versions: Product Affected Versions Fix FortiSandbox 5.0.0 – 5.0.5 Upgrade to 5.0.6 or above FortiSandbox 4.4.0 – 4.4.8 Upgrade to 4.4.9 or above FortiSandbox Cloud 5.0.4 – 5.0.5 Upgrade to 5.0.6 or above FortiSandbox PaaS 5.0.4 – 5.0.5 Upgrade to 5.0.6 or above FortiSandbox 5.2, FortiSandbox Cloud 4.4, FortiSandbox Cloud 5.2, FortiSandbox PaaS 4.4, FortiSandbox PaaS 5.2, and FortiSandbox PaaS 23.4 are not affected by this vulnerability. While there are currently no reports of active exploitation in the wild, the unauthenticated nature of this attack vector makes it a high-priority target for threat actors. FortiSandbox is widely deployed in enterprise environments as a malware analysis and threat detection platform, meaning a successful compromise could undermine an organization’s entire threat detection pipeline, giving attackers a strategic foothold. Recommended Actions Security teams are strongly advised to take the following steps immediately: Upgrade affected FortiSandbox installations to version 5.0.6 or 4.4.9 or above Restrict web UI access to trusted IP ranges as a temporary mitigation Monitor logs for anomalous HTTP requests targeting the FortiSandbox web interface Review Fortinet’s official advisory at the Fortinet PSIRT portal for further guidance Organizations still running any affected 4.4.9 or 5.0.6 builds should treat this as an urgent patching priority given the critical severity and zero-authentication requirement. Follow us on Google News, LinkedIn, and X to Get More Instant Updates. Tags cyber security cyber security news Copy URL Linkedin Twitter ReddIt Telegram Guru Baranhttps://cybersecuritynews.com Gurubaran KS is a cybersecurity analyst, and Journalist with a strong focus on emerging threats and digital defense strategies. He is the Co-Founder and Editor-in-Chief of Cyber Security News, where he leads editorial coverage on global cybersecurity developments. Trending News Microsoft 365 Android Apps Account Takeover Vulnerability Impacted Billions of Android Users Cybercriminals Exploit 2026 FIFA World Cup With Phishing, Fake Stores, and Ticket Scams Hackers Use YouTube and SEO Poisoning to Spread WeedHack Minecraft Malware 21 0-Day Vulnerabilities in FFmpeg Enables Remote Code Execution Attacks Threat Actor Uses Stolen Gemini API Keys to Automate Telegram Influence Campaign Latest News Cyber Security Google Chrome 0-Day Vulnerability Exploited in the Wild — Update Now Cyber Security News New Weedhack Malware-as-a-Service Targets Minecraft Players to Steal Credentials, and Hijack Accounts Cyber Security News New NFCShare Android Malware Delivered via Weaponized Versions of Egitimate Banking Apps Cyber Security Microsoft Defender Now Monitors RPC Protocol Abuse by Hackers Cyber Security Hackers Exploiting LiteLLM RCE Vulnerability in the Wild to Run Arbitrary Commands
    💬 Team Notes
    Article Info
    Source
    Cybersecurity News
    Category
    ◇ Industry News & Leadership
    Published
    Jun 09, 2026
    Archived
    Jun 09, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗