CVE-2026-25836

OS Command Injection Vulnerability in FortiSandbox Cloud 5.0.4

Description

An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox Cloud 5.0.4 may allow a privileged attacker with super-admin profile and CLI access to execute unauthorized code or commands via crafted HTTP requests.

INFO

Published Date :

2026-03-10T16:44:06.991Z

Last Modified :

2026-04-14T15:38:23.184Z

Source :

fortinet

AFFECTED PRODUCTS

The following products are affected by CVE-2026-25836 vulnerability.

Vendors	Products
Fortinet	Fortisandbox Cloud Fortisandboxcloud

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-25836.

URL	Resource
https://fortiguard.fortinet.com/psirt/FG-IR-26-096

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact