Skip to main content
Mallory
Back to vulnerabilities
CriticalPublic exploit

Unauthenticated OS Command Injection in Fortinet FortiSandbox Web UI

IdentifiersCVE-2026-25089CWE-78· Improper Neutralization of Special…

CVE-2026-25089 is a critical OS command injection vulnerability in the FortiSandbox Web UI affecting FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, all versions of FortiSandbox 4.2, FortiSandbox Cloud 5.0.4 through 5.0.5, and FortiSandbox PaaS 5.0.4 through 5.0.5. Fortinet describes the issue as improper neutralization of special elements used in an OS command. Supporting reporting indicates the flaw is a second-order command injection reachable through specifically crafted HTTP requests, with JSON input associated with the start VNC feature in the web interface acting as the trigger path. The vulnerability is remotely exploitable without authentication and can result in execution of unauthorized commands on the underlying operating system.

Share:
For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial
ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation allows an unauthenticated remote attacker to execute unauthorized or arbitrary OS commands on the affected FortiSandbox system. Given the CVSS v3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, impact is high across confidentiality, integrity, and availability. In practice, compromise of the FortiSandbox appliance or service could lead to full takeover of the web interface, compromise of the underlying sandbox infrastructure, disruption or manipulation of malware-analysis workflows, and exposure or tampering of data handled by the platform.

Mitigation

If you can’t patch tonight, do this now.

If immediate patching is not possible, restrict FortiSandbox Web UI access to trusted IP ranges or administrative networks only, minimize or eliminate Internet exposure of the management interface, and monitor logs for suspicious or anomalous HTTP requests targeting the web interface. Administrators should audit deployed versions across on-prem, Cloud, and PaaS instances, schedule expedited maintenance windows, and investigate unusual requests associated with the vulnerable functionality, including the start VNC feature.

Remediation

Patch, then assume compromise.

Upgrade to vendor-fixed releases. Based on the provided content, Fortinet recommends upgrading FortiSandbox 5.0.0 through 5.0.5 to 5.0.6 or later, and FortiSandbox 4.4.0 through 4.4.8 to 4.4.9 or later. FortiSandbox Cloud 5.0.4 through 5.0.5 and FortiSandbox PaaS 5.0.4 through 5.0.5 should be updated to the 5.0.6 firmware or later as applicable. Review Fortinet advisory FG-IR-26-141 for product-specific upgrade guidance and validate that no affected 4.2 deployments remain in service.
PUBLIC EXPLOITS

Exploits

1 valid exploit after Mallory filtered fakes, detection scripts, and README-only repos.

VALID 1 / 1 TOTALView more in app
CVE-2026-25089MaturityPoCVerified exploit

This repository is a small standalone Python proof-of-concept/tester for a claimed Fortinet FortiSandbox vulnerability, CVE-2026-25089, described as a second-order OS command injection in a VNC start workflow. The repository contains 5 files: a README, license, gitignore, requirements.txt, and one main Python script, cve-2026-25089.py. The only executable logic is in that Python file, making it the clear entry point. The exploit script has two main capabilities. First, it can simulate the vulnerable behavior locally via vulnerable_command_simulator(), which constructs a shell command using attacker-controlled JSON fields and executes it with subprocess.run(..., shell=True). This is the core exploit behavior and demonstrates arbitrary command execution through the vm_name parameter. Second, it can send the crafted JSON payload to a remote HTTP endpoint using requests.post() in send_to_target(), allowing the user to test a FortiSandbox-like API endpoint. The script disables TLS verification and suppresses urllib3 insecure request warnings, which is common in lab-oriented exploit tooling. The exploit is operational rather than a mere detector because it includes an actual command-execution path in local simulation mode and a delivery mechanism for remote payload submission. However, it is still basic: there is no authentication handling, no target fingerprinting, no response parsing beyond status/body preview, and no advanced payload staging. Payload customization is limited to JSON input and a simple --cmd override that rewrites vm_name to include injected shell commands. Repository structure is minimal and educational in tone. README.md provides setup and usage examples, including local simulation and remote POST testing. requirements.txt lists only the requests dependency. There is no framework usage, no modularization, and no auxiliary exploit components. Overall, this is a compact standalone PoC/test harness intended to demonstrate and exercise an HTTP-delivered OS command injection scenario against a FortiSandbox-like VNC start API.

HORKimhabDisclosed Jun 10, 2026pythonmarkdownwebnetworklocal
EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType
Fortinet Fortisandbox Paasapplication
FortinetFortisandboxapplication
FortinetFortisandbox Cloudapplication

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

8 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

8 SOURCESView more in app
security online infoNews
Jun 10, 2026
Fix CVE-2026-25089 FortiSandbox Bug Now

A critical unauthenticated second-order OS command injection vulnerability in Fortinet FortiSandbox that can be exploited via crafted HTTP requests to the web UI, leading to unauthorized command execution on the underlying operating system.

Read more
cyber security newsNews
Jun 9, 2026
Fortinet FortiSandbox Vulnerability Allows Attackers to Execute Unauthorized Commands

A critical unauthenticated OS command injection vulnerability in the FortiSandbox Web UI that can allow remote attackers to execute arbitrary operating system commands via crafted HTTP requests.

Read more
cvefeed high severityNews
Jun 9, 2026
CVE-2026-25089 - Fortinet FortiSandbox OS Command Injection

An unauthenticated OS command injection vulnerability in Fortinet FortiSandbox products that may allow unauthorized command execution via crafted HTTP requests.

Read more
What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.
Start free trial
Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity5

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES
MITRE CVE
cve.org · CVE-2026-25089
NVD
nvd.nist.gov/vuln/detail/CVE-2026-25089
MITRE CWE · CWE-78
Improper Neutralization of Special Elements…
fortiguard.fortinet.com
fortiguard.fortinet.com/psirt/FG-IR-26-141