FortiSandbox Vulnerability Causes Device-Level Process Hijacking

Threat: Vulnerability

Targeted Region: Global

Targeted Sector: Technology & IT

Criticality: Critical

[subscribe_to_unlock_form]

EXECUTIVE SUMMARY:

CVE-2026-25089, with a CVSS score of 9.1, is a critical OS command injection vulnerability affecting FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS deployments. The flaw stems from improper handling of specially crafted JSON input supplied to the “start VNC” endpoint, enabling attackers to inject and execute arbitrary operating-system commands through unauthenticated HTTP requests. An attacker requires only network access to the vulnerable web interface and no prior credentials to exploit the issue. Successful exploitation can result in full command execution on the underlying host, leading to complete compromise of the sandbox environment, unauthorized access to sensitive information, and potential lateral movement within connected networks. The business impact includes loss of data confidentiality and integrity, operational disruption, reputational harm, and possible regulatory consequences resulting from the breakdown of security isolation controls.[/subscribe_to_unlock_form]

EXECUTIVE SUMMARY:

RECOMMENDATION:

We strongly recommend you update FortiSandbox to below version:
https://fortiguard.fortinet.com/psirt/FG-IR-26-141

REFERENCES:

The following reports contain further technical details:

https://securityonline.info/cve-2026-25089-fortisandbox-patch/

[/emaillocker]

Recent Advisories

Lucid Stealer Steals Browser History Data and Discord Entries

June 10, 2026

UNK DeadDrop Campaign Employs Manipulative Job Lures and VSIX Installer

June 10, 2026

LiteLLM Vulnerability Enables Remote Code Execution

June 10, 2026

Global Smishing Operation Actively Leverages Deceptive Gateway Error Pages

June 10, 2026

FortiSandbox Vulnerability Causes Device-Level Process Hijacking

Recent Advisories

Report an Incident