Advertisement
Security

CISA Adds Actively Exploited FortiSandbox Flaw to KEV Catalog

CISA has confirmed active exploitation of an OS command injection vulnerability in Fortinet FortiSandbox, requiring immediate remediation.

··1 hour ago·1 min read
img IX mining rig inside white and gray room
Photo by imgix on Unsplash
Advertisement

CISA has added CVE-2026-25089, an OS command injection vulnerability (CWE-78) affecting Fortinet FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS, to its Known Exploited Vulnerabilities catalog. The flaw allows unauthenticated attackers to execute unauthorized commands on affected systems through specifically crafted HTTP requests.

Because this vulnerability is confirmed to be under active exploitation, federal agencies must apply vendor-provided mitigations by July 19, 2026. Organizations are required to follow CISA’s BOD 26-04 guidance, which includes evaluating internet exposure and adhering to mandatory forensics triage requirements.

#vulnerability#fortinet#cve-2026-25089#cisa#command-injection

Xploitwire Editorial Team

Xploitwire Newsroom

This article was researched and drafted with AI assistance and reviewed by our editorial team before publication. About Xploitwire →

← Back to all stories
Advertisement