Advertisement
Security

CISA Adds Actively Exploited Fortinet FortiSandbox Flaw to KEV Catalog

CISA has confirmed active exploitation of an OS command injection vulnerability in Fortinet FortiSandbox, mandating urgent remediation for federal agencies.

··58 minutes ago·1 min read
brown padlock on black computer keyboard
Photo by FlyD on Unsplash
Advertisement

Fortinet FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS are affected by an OS command injection vulnerability, tracked as CVE-2026-25089. This security flaw, categorized as CWE-78, allows an unauthenticated attacker to execute unauthorized commands on the system by sending specifically crafted HTTP requests.

The vulnerability has been added to CISA's Known Exploited Vulnerabilities catalog as of July 16, 2026, confirming its use in real-world attacks. Federal agencies are required to apply necessary mitigations by July 19, 2026, in accordance with BOD 26-04 guidelines.

Organizations are advised to follow vendor instructions to secure their deployments. Stakeholders must evaluate the internet exposure of their assets and ensure compliance with CISA's forensics triage requirements and patching guidance. If mitigations are unavailable for cloud services, agencies should discontinue use of the product.

#cve-2026-25089#fortinet#command injection#cisa#vulnerability

Xploitwire Editorial Team

Xploitwire Newsroom

This article was researched and drafted with AI assistance and reviewed by our editorial team before publication. About Xploitwire →

← Back to all stories
Advertisement