7.2
Fortinet FortiSandbox Cloud: Unapproved Code Execution Risk
CVE-2026-25836
Summary
A high-severity issue in Fortinet's cloud-based sandboxing service could allow a highly privileged user to run unauthorized code or commands, potentially leading to system compromise. Exploitation requires an attacker who already holds a super-admin profile and CLI access, and is carried out via crafted HTTP requests. Update FortiSandbox Cloud to the latest version to mitigate this risk.
Original title
An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox Cloud 5.0.4 may allow a privileged attacker with super-admin pr...
Original description
An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox Cloud 5.0.4 may allow a privileged attacker with super-admin profile and CLI access to execute unauthorized code or commands via crafted HTTP requests.
NVD CVSS 3.1
7.2
Vulnerability type
CWE-78
OS Command Injection
Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026