{"document":{"category":"csaf_vex","csaf_version":"2.0","title":"CVE-2026-25089: An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiSandbox 5","publisher":{"category":"vendor","name":"HarborGuard Database","namespace":"https://database.harborguard.co"},"tracking":{"id":"CVE-2026-25089","status":"final","version":"1","initial_release_date":"2026-06-09T14:27:47.492Z","current_release_date":"2026-06-10T13:35:01.375Z","revision_history":[{"date":"2026-06-09T14:27:47.492Z","number":"1","summary":"Initial machine-readable export from HarborGuard."}]},"distribution":{"tlp":{"label":"WHITE"},"text":"Public CVE data; freely redistributable."},"notes":[{"category":"description","text":"An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4 through 5.0.5, FortiSandbox PaaS 5.0.4 through 5.0.5 may allow an unauthenticated attacker to execute unauthorized commands via specifically crafted HTTP requests","title":"CVE description"}],"references":[{"category":"self","summary":"CVE-2026-25089 on HarborGuard Database","url":"https://database.harborguard.co/cve/CVE-2026-25089"},{"category":"external","summary":"CVE Record","url":"https://www.cve.org/CVERecord?id=CVE-2026-25089"},{"category":"external","summary":"https://fortiguard.fortinet.com/psirt/FG-IR-26-141","url":"https://fortiguard.fortinet.com/psirt/FG-IR-26-141"}]},"product_tree":{"branches":[{"category":"vendor","name":"Fortinet","branches":[{"category":"product_name","name":"FortiSandbox","branches":[{"category":"product_version_range","name":">=5.0.0 <=5.0.5","product":{"name":"Fortinet FortiSandbox >=5.0.0 <=5.0.5","product_id":"CSAFPID-1","product_identification_helper":{"cpe":"cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*"}}},{"category":"product_version_range","name":">=4.4.0 <=4.4.8","product":{"name":"Fortinet FortiSandbox >=4.4.0 <=4.4.8","product_id":"CSAFPID-2","product_identification_helper":{"cpe":"cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*"}}},{"category":"product_version_range","name":">=4.2.1 <=4.2.8","product":{"name":"Fortinet FortiSandbox >=4.2.1 <=4.2.8","product_id":"CSAFPID-3","product_identification_helper":{"cpe":"cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*"}}}]}]},{"category":"vendor","name":"Fortinet","branches":[{"category":"product_name","name":"FortiSandbox Cloud","branches":[{"category":"product_version_range","name":">=5.0.4 <=5.0.5","product":{"name":"Fortinet FortiSandbox Cloud >=5.0.4 <=5.0.5","product_id":"CSAFPID-4","product_identification_helper":{"cpe":"cpe:2.3:a:fortinet:fortisandbox_cloud:*:*:*:*:*:*:*:*"}}}]}]},{"category":"vendor","name":"Fortinet","branches":[{"category":"product_name","name":"FortiSandbox PaaS","branches":[{"category":"product_version_range","name":">=5.0.4 <=5.0.5","product":{"name":"Fortinet FortiSandbox PaaS >=5.0.4 <=5.0.5","product_id":"CSAFPID-5","product_identification_helper":{"cpe":"cpe:2.3:a:fortinet:fortisandbox_paas:*:*:*:*:*:*:*:*"}}}]}]}]},"vulnerabilities":[{"cve":"CVE-2026-25089","title":"An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiSandbox 5","notes":[{"category":"description","text":"An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4 through 5.0.5, FortiSandbox PaaS 5.0.4 through 5.0.5 may allow an unauthenticated attacker to execute unauthorized commands via specifically crafted HTTP requests","title":"CVE description"}],"product_status":{"known_affected":["CSAFPID-1","CSAFPID-2","CSAFPID-3","CSAFPID-4","CSAFPID-5"]},"scores":[{"cvss_v3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C","baseScore":9.1,"baseSeverity":"CRITICAL"},"products":["CSAFPID-1","CSAFPID-2","CSAFPID-3","CSAFPID-4","CSAFPID-5"]}],"remediations":[{"category":"none_available","details":"No fixed version is published yet. Monitor the upstream advisory.","product_ids":["CSAFPID-1","CSAFPID-2","CSAFPID-3","CSAFPID-4","CSAFPID-5"]}]}]}