A vulnerability has been found in Fortinet FortiSandbox, FortiSandbox Cloud and FortiSandbox PaaS and classified as critical . Impacted is an unknown function of the component HTTP Handler . Performing a manipulation results in os command injection. This vulnerability is identified as CVE-2026-25089 . The attack can be initiated remotely. There is not any exploit available.