FILTERING BY: CLEAR FILTER

Fortinet FortiSandbox: Critical RCE Vulnerabilities CVE-2026-25089 and CVE-2026-26083

Fortinet FortiSandbox is under active exploitation via a cluster of critical vulnerabilities, most notably CVE-2026-25089 and CVE-2026-26083 (CVSS 9.8). Attackers leverage OS Command Injection (CWE-78) and Missing Authorization (CWE-862) to execute arbitrary commands with high privileges without authentication. This is often chained with CVE-2026-39813 (Path Traversal in the JRPC API) and CVE-2026-39808 to bypass security controls and gain full system access. The primary impact is the complete compromise of the sandbox appliance, allowing adversaries to manipulate the malware analysis environment and potentially pivot deeper into the corporate network.


LINK COPIED TO CLIPBOARD