CVE-2026-25089: FortiSandbox unauthenticated command injection added to CISA KEV
Fortinet FortiSandbox contains a critical OS command injection vulnerability (CVSS 9.8) in the web UI allowing unauthenticated remote code execution via crafted HTTP requests. Third FortiSandbox CVE exploited in 2026. CISA KEV listed. Find exposed instances with RECON.
Read full article →