Vulnerability-Lookup

WID-SEC-W-2026-1836

Vulnerability from csaf_certbund - Published: 2026-06-09 22:00 - Updated: 2026-06-09 22:00

Summary

Fortinet FortiSandbox: Schwachstelle ermöglicht Befehlsausführung

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: FortiSandbox ist eine Advanced Threat Detection Appliance.

Angriff: Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Fortinet FortiSandbox ausnutzen, um beliebige Betriebssystembefehle auszuführen.

Betroffene Betriebssysteme: - Sonstiges

CVE-2026-25089

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Fortinet FortiSandbox <5.0.6 Fortinet / FortiSandbox		<5.0.6
Fortinet FortiSandbox <4.4.9 Fortinet / FortiSandbox		<4.4.9

References

3 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.fortiguard.com/psirt/FG-IR-26-141	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "FortiSandbox ist eine Advanced Threat Detection Appliance.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Fortinet FortiSandbox ausnutzen, um beliebige Betriebssystembefehle auszuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-1836 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1836.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-1836 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1836"
      },
      {
        "category": "external",
        "summary": "FortiGuard Labs PSIRT Advisory FG-IR-26-141 vom 2026-06-09",
        "url": "https://www.fortiguard.com/psirt/FG-IR-26-141"
      }
    ],
    "source_lang": "en-US",
    "title": "Fortinet FortiSandbox: Schwachstelle erm\u00f6glicht Befehlsausf\u00fchrung",
    "tracking": {
      "current_release_date": "2026-06-09T22:00:00.000+00:00",
      "generator": {
        "date": "2026-06-10T06:05:57.426+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.6.0"
        }
      },
      "id": "WID-SEC-W-2026-1836",
      "initial_release_date": "2026-06-09T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-06-09T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c4.4.9",
                "product": {
                  "name": "Fortinet FortiSandbox \u003c4.4.9",
                  "product_id": "CD913002-6553-44E1-B9BB-E6BDBE7E60E4"
                }
              },
              {
                "category": "product_version",
                "name": "4.4.9",
                "product": {
                  "name": "Fortinet FortiSandbox 4.4.9",
                  "product_id": "CD913002-6553-44E1-B9BB-E6BDBE7E60E4-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:fortinet:fortisandbox:4.4.9"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c5.0.6",
                "product": {
                  "name": "Fortinet FortiSandbox \u003c5.0.6",
                  "product_id": "EDD95A98-AE58-40F6-BA29-31A131A5653A"
                }
              },
              {
                "category": "product_version",
                "name": "5.0.6",
                "product": {
                  "name": "Fortinet FortiSandbox 5.0.6",
                  "product_id": "EDD95A98-AE58-40F6-BA29-31A131A5653A-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:fortinet:fortisandbox:5.0.6"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "FortiSandbox"
          }
        ],
        "category": "vendor",
        "name": "Fortinet"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-25089",
      "product_status": {
        "known_affected": [
          "EDD95A98-AE58-40F6-BA29-31A131A5653A",
          "CD913002-6553-44E1-B9BB-E6BDBE7E60E4"
        ]
      },
      "release_date": "2026-06-09T22:00:00.000+00:00",
      "title": "CVE-2026-25089"
    }
  ]
}

CVE-2026-25089 (GCVE-0-2026-25089)

Vulnerability from cvelistv5 – Published: 2026-06-09 14:27 – Updated: 2026-06-10 13:35

Summary

A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4 through 5.0.5, FortiSandbox PaaS 5.0.4 through 5.0.5 may allow an unauthenticated attacker to execute unauthorized commands via specifically crafted HTTP requests

Severity

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

SSVC

Exploitation: none Automatable: yes Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-78 - Execute unauthorized code or commands

Assigner

fortinet

References

1 reference

URL	Tags
https://fortiguard.fortinet.com/psirt/FG-IR-26-141

Impacted products

3 products

Vendor	Product	Version
Fortinet	FortiSandbox	Affected: 5.0.0 , ≤ 5.0.5 (semver) Affected: 4.4.0 , ≤ 4.4.8 (semver) Affected: 4.2.1 , ≤ 4.2.8 (semver) cpe:2.3:a:fortinet:fortisandbox:5.0.5:::::::* cpe:2.3:a:fortinet:fortisandbox:5.0.4:::::::* cpe:2.3:a:fortinet:fortisandbox:5.0.3:::::::* cpe:2.3:a:fortinet:fortisandbox:5.0.2:::::::* cpe:2.3:a:fortinet:fortisandbox:5.0.1:::::::* cpe:2.3:a:fortinet:fortisandbox:5.0.0:::::::* cpe:2.3:a:fortinet:fortisandbox:4.4.8:::::::* cpe:2.3:a:fortinet:fortisandbox:4.4.7:::::::* cpe:2.3:a:fortinet:fortisandbox:4.4.6:::::::* cpe:2.3:a:fortinet:fortisandbox:4.4.5:::::::* cpe:2.3:a:fortinet:fortisandbox:4.4.4:::::::* cpe:2.3:a:fortinet:fortisandbox:4.4.3:::::::* cpe:2.3:a:fortinet:fortisandbox:4.4.2:::::::* cpe:2.3:a:fortinet:fortisandbox:4.4.1:::::::* cpe:2.3:a:fortinet:fortisandbox:4.4.0:::::::* cpe:2.3:a:fortinet:fortisandbox:4.2.8:::::::* cpe:2.3:a:fortinet:fortisandbox:4.2.7:::::::* cpe:2.3:a:fortinet:fortisandbox:4.2.6:::::::* cpe:2.3:a:fortinet:fortisandbox:4.2.5:::::::* cpe:2.3:a:fortinet:fortisandbox:4.2.4:::::::* cpe:2.3:a:fortinet:fortisandbox:4.2.3:::::::* cpe:2.3:a:fortinet:fortisandbox:4.2.2:::::::* cpe:2.3:a:fortinet:fortisandbox:4.2.1:::::::*
Fortinet	FortiSandbox Cloud	Affected: 5.0.4 , ≤ 5.0.5 (semver) cpe:2.3:a:fortinet:fortisandboxcloud:5.0.5:::::::* cpe:2.3:a:fortinet:fortisandboxcloud:5.0.4:::::::*
Fortinet	FortiSandbox PaaS	Affected: 5.0.4 , ≤ 5.0.5 (semver) cpe:2.3:a:fortinet:fortisandboxpaas:5.0.5:::::::* cpe:2.3:a:fortinet:fortisandboxpaas:5.0.4:::::::*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-25089",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-10T03:58:38.447554Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-10T13:35:01.375Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortisandbox:5.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:5.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:5.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:5.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:5.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:5.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.2.1:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiSandbox",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "5.0.5",
              "status": "affected",
              "version": "5.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.4.8",
              "status": "affected",
              "version": "4.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.2.8",
              "status": "affected",
              "version": "4.2.1",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortisandboxcloud:5.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandboxcloud:5.0.4:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiSandbox Cloud",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "5.0.5",
              "status": "affected",
              "version": "5.0.4",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortisandboxpaas:5.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandboxpaas:5.0.4:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiSandbox PaaS",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "5.0.5",
              "status": "affected",
              "version": "5.0.4",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A improper neutralization of special elements used in an os command (\u0027os command injection\u0027) vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4 through 5.0.5, FortiSandbox PaaS 5.0.4 through 5.0.5 may allow an unauthenticated attacker to execute unauthorized commands via specifically crafted HTTP requests"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-09T14:27:47.492Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-141",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-141"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to upcoming  FortiSandbox version 5.2.0 or above\nUpgrade to FortiSandbox version 5.0.6 or above\nUpgrade to FortiSandbox version 4.4.9 or above\nUpgrade to upcoming  FortiSandbox PaaS version 5.2.0 or above\nUpgrade to FortiSandbox PaaS version 5.0.6 or above\nFortinet remediated this issue in FortiSandbox Cloud version 5.2.0 (not released) and hence customers do not need to perform any action.\nFortinet remediated this issue in FortiSandbox Cloud version 5.0.6 (not released) and hence customers do not need to perform any action."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2026-25089",
    "datePublished": "2026-06-09T14:27:47.492Z",
    "dateReserved": "2026-01-29T09:27:29.820Z",
    "dateUpdated": "2026-06-10T13:35:01.375Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2026-1836

CVE-2026-25089 (GCVE-0-2026-25089)

Tags

Sightings

Nomenclature