Advertisement
Security

CISA Adds Fortinet FortiSandbox Command Injection Flaw to KEV Catalog

CISA has confirmed active exploitation of a command injection vulnerability in Fortinet FortiSandbox, mandating urgent remediation for federal agencies.

··1 hour ago·1 min read
red padlock on black computer keyboard
Photo by FlyD on Unsplash
Advertisement

CISA has added CVE-2026-25089 to its Known Exploited Vulnerabilities catalog, confirming that the flaw is currently being targeted in real-world attacks. The vulnerability affects Fortinet FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS, allowing an unauthenticated attacker to execute unauthorized commands through specifically crafted HTTP requests.

Classified as CWE-78, this OS command injection vulnerability poses a significant security risk to affected systems. Federal agencies are required to apply vendor-provided mitigations by July 19, 2026, in accordance with CISA’s BOD 26-04 guidance. Stakeholders should evaluate the internet exposure of their assets and follow specific forensic triage requirements to ensure compliance.

#cve-2026-25089#fortinet#vulnerability#cisa#command-injection

Xploitwire Editorial Team

Xploitwire Newsroom

This article was researched and drafted with AI assistance and reviewed by our editorial team before publication. About Xploitwire →

← Back to all stories
Advertisement