
FortiSandbox unauthenticated command injection (CVE-2026-25089)

Vulnerability
H score 47 · 1 unique source, 1 article

Summary


CVE-2026-25089 is an unauthenticated operating system command injection in FortiSandbox-related products that was seen in active exploitation over the past 24 hours. The flaw can let an attacker send crafted HTTP requests to execute unauthorized commands on exposed systems.

Related Happenings

Fortinet FortiSandbox multi-CVE exploitation wave

Exploitation Wave
H score 49 · First: 16.06.2026 12:19 · Last: 16.06.2026 12:19 · Sources: 1

How related: In a post shared on X, the company said it has observed exploitation of CVE-2026-39813, CVE-2026-39808, and CVE-2026-25089 over the past 24 hours.

About this happening: **Fortinet FortiSandbox** is facing an **active exploitation wave** that puts **affected deployments** at risk of **unauthenticated remote code execution** and **privilege escalat...

PAN-OS / Prisma Access GlobalProtect authentication bypass (CVE-2026-0257, actively exploited)

Vulnerability
H score 20 · First: 30.05.2026 09:41 · Last: 30.05.2026 09:41 · Sources: 1

About this happening: **PAN-OS** and **Prisma Access** are affected by **CVE-2026-0257**, an **authentication bypass** in the **GlobalProtect portal and gateway** that can let attackers establish an **...

FortiClient EMS improper access control flaw (CVE-2026-35616)

Vulnerability
H score 52 · First: 05.04.2026 21:45 · Last: 05.04.2026 21:45 · Sources: 1

About this happening: **CVE-2026-35616** is an **actively exploited** improper access control flaw in **FortiClient Enterprise Management Server (EMS)** that lets unauthenticated attackers execute code...

Latest development: 28.05.2026 18:26

Attackers were already abusing **CVE-2026-35616** against **FortiClient EMS** in **May 2026**. The flaw provided **pre-auth API access bypass** and **privilege escalation** before remediation in **7.4.7 and later**.

Fortinet FortiClient EMS actively exploited SQL injection flaw (CVE-2026-21643)

Vulnerability
H score 58 · First: 30.03.2026 10:48 · Last: 30.03.2026 10:48 · Sources: 1

About this happening: Active exploitation of **CVE-2026-21643** is putting **Fortinet FortiClient EMS** deployments at risk of **unauthenticated arbitrary code or command execution** on unpatched syste...

CISA FortiWeb remediation order for FCEB agencies

Public Sector Action
H score 43 · First: 19.11.2025 15:44 · Last: 19.11.2025 15:44 · Sources: 1

About this happening: CISA ordered **U.S. federal civilian agencies** to secure **FortiWeb** within **one week** after the flaw was exploited in **zero-day attacks**, sharply raising the urgency for fe...

Timeline

  1. 16.06.2026 13:30 · 2 articles

    Defused Cyber observes exploitation of three FortiSandbox vulnerabilities

    Initial Disclosure

    Defused Cyber said it observed exploitation of the Fortinet FortiSandbox vulnerabilities CVE-2026-39813, CVE-2026-39808, and CVE-2026-25089 over the past 24 hours. CVE-2026-39813 is a path traversal issue in the FortiSandbox JRPC API; CVE-2026-39808 and CVE-2026-25089 are operating system command injection flaws. CVE-2026-25089 was described as having only a faulty exploit, with no working public exploit disclosed.
