Stories tagged: #fortisandbox

Fortinet patches unauth command injection in FortiSandbox (CVE-2026-25089)

Crafted HTTP requests against the FortiSandbox web UI yield OS command execution. CVSS 9.1. No active exploitation reported. Fixed in 5.0.6 and 4.4.9.