Date Posted: 2026/06/15

【Vulnerability Alert】Fortinet FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS Contain Major Security Vulnerability (CVE-2026-25089)

Subject: 【Vulnerability Alert】Fortinet FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS Contain Major Security Vulnerability (CVE-2026-25089)

Description:
- Forwarded from Taiwan Computer Emergency Response Team / Coordination Center Security Advisory TWCERTCC-200-202606-00000008
- A missing authorization vulnerability (CVE-2026-26089, CVSS: 9.8) exists in the web interface of Fortinet's FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS, which may allow an unauthenticated attacker to execute unauthorized code or commands via HTTP requests.
Affected Platforms:
- FortiSandbox versions 5.0.0 to 5.0.5
- FortiSandbox versions 4.4.0 to 4.4.8
- FortiSandbox Cloud versions 5.0.4 to 5.0.5
- FortiSandbox PaaS versions 5.0.4 to 5.0.5
Recommended Actions:
- Please update to the following versions: FortiSandbox versions 5.0.6 and later, FortiSandbox versions 4.4.9 and later, FortiSandbox Cloud versions 5.0.6 and later, FortiSandbox PaaS versions 5.0.6 and later
References:
1. https://www.twcert.org.tw/tw/cp-169-10962-d96f7-1.html

Computer and Communication Center
Network Systems Division