« All posts

CVE-2026-25089: Unauthenticated Command Injection in FortiSandbox

CVE-2026-25089 is a critical security vulnerability in FortiSandbox. Learn its significance and remediation steps.

Fortinet FortiSandbox has an unauthenticated OS command injection vulnerability in its web interface. CISA added this vulnerability to the KEV list on July 16, 2026, marking it as the third exploited flaw in FortiSandbox within two months. Engineers need to understand the impact of such vulnerabilities on their systems and ensure timely updates.