Date Posted: 2026/06/15
【Vulnerability Alert】Fortinet FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS Contain Major Security Vulnerability (CVE-2026-25089)
- Subject: 【Vulnerability Alert】Fortinet FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS Contain Major Security Vulnerability (CVE-2026-25089)
- Description:
- Forwarded from Taiwan Computer Emergency Response Team / Coordination Center Security Advisory TWCERTCC-200-202606-00000008
- A missing authorization vulnerability (CVE-2026-26089, CVSS: 9.8) exists in the web interface of Fortinet's FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS, which may allow an unauthenticated attacker to execute unauthorized code or commands via HTTP requests.
- Affected Platforms:
- FortiSandbox versions 5.0.0 to 5.0.5
- FortiSandbox versions 4.4.0 to 4.4.8
- FortiSandbox Cloud versions 5.0.4 to 5.0.5
- FortiSandbox PaaS versions 5.0.4 to 5.0.5
- Recommended Actions:
- Please update to the following versions: FortiSandbox versions 5.0.6 and later, FortiSandbox versions 4.4.9 and later, FortiSandbox Cloud versions 5.0.6 and later, FortiSandbox PaaS versions 5.0.6 and later
- References:
Computer and Communication Center
Network Systems Division
