CVE-2026-25836

EUVD-2026-10531
An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox Cloud 5.0.4, FortiSandbox PaaS 5.0.4 may allow  a privileged attacker with super-admin profile and CLI access to execute unauthorized code or commands via crafted HTTP requests.
OS Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
fortinetCNA
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
Affected Products (NVD)
VendorProductVersion
fortinetfortisandbox_cloud
5.0.4
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
fortinetfortisandbox
5.0.4
CNA
Common Weakness Enumeration
References
https://fortiguard.fortinet.com/psirt/FG-IR-26-096