CVE-2026-25089: FortiSandbox unauthenticated command injection added to CISA KEV

·Hacker News··

Fortinet FortiSandbox contains a critical OS command injection vulnerability (CVSS 9.8) in the web UI allowing unauthenticated remote code execution via crafted HTTP requests. Third FortiSandbox CVE exploited in 2026. CISA KEV listed. Find exposed instances with RECON.

Read full article →

Related Articles

Grok Build is open source
skp1995 · Hacker News · 1d ago
How Our Rust-to-Zig Rewrite Is Going
jorangreef · Hacker News · 13h ago
Detecting LLM-Generated Texts with “Classical” Machine Learning
uneven9434 · Hacker News · 8h ago
Decoy Font
ray__ · Hacker News · 9h ago
Sleep regularity is a stronger predictor of mortality risk than sleep duration (2023)
bilsbie · Hacker News · 1d ago