【Vulnerability Alert】Fortinet FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS Have a Critical Cybersecurity Vulnerability (CVE-2026-25089)
Source: Ministry of education information & communication security contingency platform
"" "" ""
| Publication Number | TACERT-ANA-2026061201064242 | Publication Time | 2026-06-12 13:30:43 |
| Incident Type | ANA-Vulnerability Alert | Discovery Time | 2026-06-12 13:30:43 |
| Impact Level | Low | ||
| [Subject] 【Vulnerability Alert】Fortinet FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS Have a Critical Cybersecurity Vulnerability (CVE-2026-25089) |
|||
| [Content]
Forwarded from TWCERTCC Security Advisory TWCERTCC-200-202606-00000008 The web interfaces of Fortinet FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS have a missing authorization vulnerability (CVE-2026-26089, CVSS: 9.8), which may allow an unauthenticated attacker to execute unauthorized code or commands through HTTP requests. |
|||
| [Affected Platform]
FortiSandbox versions 5.0.0 to 5.0.5 FortiSandbox versions 4.4.0 to 4.4.8 FortiSandbox Cloud versions 5.0.4 to 5.0.5 FortiSandbox PaaS versions 5.0.4 to 5.0.5 |
|||
| [Recommended Actions]
Please update to the following versions: FortiSandbox version 5.0.6 or later, inclusive FortiSandbox version 4.4.9 or later, inclusive FortiSandbox Cloud version 5.0.6 or later, inclusive FortiSandbox PaaS version 5.0.6 or later, inclusive |
|||
|
[Reference] |
|||
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw