CVE-2026-25836 | THREATINT

Description

An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox Cloud 5.0.4 may allow a privileged attacker with super-admin profile and CLI access to execute unauthorized code or commands via crafted HTTP requests.

PUBLISHED Reserved 2026-02-06 | Published 2026-03-10 | Updated 2026-03-11 | Assigner fortinet

MEDIUM: 6.7CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

Problem types

Execute unauthorized code or commands

Product status

Default status

unaffected

5.0.4

affected

References

fortiguard.fortinet.com/psirt/FG-IR-26-096

cve.org (CVE-2026-25836)

nvd.nist.gov (CVE-2026-25836)

Download JSON