Lucene search
K

646 matches found

Nuclei
Nuclei
added yesterday98 views

Fortinet FortiSandbox - Command Injection

Fortinet FortiSandbox 4.4.0 through 4.4.8 contains a command injection caused by improper neutralization of special elements in OS commands, letting attackers execute unauthorized code or commands, exploit requires crafted input. id: CVE-2026-39808 info: name: Fortinet FortiSandbox - Command...

9.8CVSS7.2AI score0.48668EPSS
Exploits6References2
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.7 views

Fortinet FortiSandbox 4.4.x < 4.4.9 / 5.0.x < 5.0.6 Multiple Vulnerabilities

The version of Fortinet FortiSandbox installed on the remote host is 4.4.x prior to 4.4.9 or 5.0.x prior to 5.0.6. It is, therefore, affected by multiple vulnerabilities: - An OS command injection vulnerability may allow an unauthenticated attacker to execute unauthorized commands via specificall...

9.8CVSS7.6AI score0.23393EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.8 views

Fortinet FortiSandbox 4.4.x < 4.4.9 OS Command Injection (FG-IR-26-100)

The version of Fortinet FortiSandbox installed on the remote host is 4.4.x prior to 4.4.9. It is, therefore, affected by a vulnerability: - An improper neutralization of special elements used in an OS command injection vulnerability may allow an attacker to execute unauthorized code or commands...

9.8CVSS7.6AI score0.48668EPSS
Exploits6References2
The Hacker News
The Hacker News
added 2026/06/16 10:30 a.m.44 views

Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week

Bad actors are exploiting multiple security vulnerabilities in Fortinet FortiSandbox, according to threat intelligence firm Defused Cyber. In a post shared on X, the company said it has observed exploitation of CVE-2026-39813, CVE-2026-39808, and CVE-2026-25089 over the past 24 hours...

9.8CVSS6.6AI score0.48668EPSS
Exploits7
VulnCheck KEV
VulnCheck KEV
added 2026/06/15 12:0 a.m.13 views

VulnCheck KEV: CVE-2026-39813

A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8 may allow attacker to escalation of privilege via specially crafted HTTP requests...

9.8CVSS5.8AI score0.16739EPSS
In wildExploits2References4
Packet Storm
Packet Storm
added 2026/06/12 12:0 a.m.63 views

📄 FortiSandbox 4.4.7 Authentication Bypass / Command Injection

This Metasploit auxiliary scanner module is designed to collect system and environment information from vulnerable FortiSandbox instances by leveraging two disclosed vulnerabilities: an authentication bypass and a command injection flaw. The module supports multiple collection modes, including...

9.8CVSS5.9AI score0.48668EPSS
Exploits7
Packet Storm News
Packet Storm News
added 2026/06/12 12:0 a.m.26 views

FortiSandbox Endpoint Validation Tool

This Python script is a utility designed to evaluate the exposure and configuration state of a FortiSandbox deployment through publicly reachable management endpoints...

5.3AI score
Exploits0
NCSC
NCSC
added 2026/06/11 8:6 a.m.13 views

Vulnerability handling in Fortinet FortiSandbox

Fortinet has identified a vulnerability in FortiSandbox versions 4.2 through 5.0.5, including FortiSandbox Cloud and FortiSandbox PaaS. The vulnerability involves OS command injection in the FortiSandbox’s webinterface. As a result, unauthorized attackers can execute arbitrary OS commands by...

9.8CVSS6.3AI score0.23393EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/06/11 12:0 a.m.11 views

FortiSandbox Exposure Scanner

This Metasploit auxiliary scanner module performs passive exposure assessment of FortiSandbox deployments by identifying platform fingerprints, collecting publicly accessible version metadata, and evaluating API exposure levels without using exploit functionality. The module validates whether a...

5.3AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/10 3:10 p.m.19 views

Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities

Fortinet, Ivanti, and SAP have released security updates to address multiple critical security vulnerabilities that could result in arbitrary code execution and information disclosure. The security flaw patched by Fortinet relates to a command injection vulnerability in FortiSandbox, FortiSandbox...

10CVSS9.6AI score0.99041EPSS
Exploits8
RedhatCVE
RedhatCVE
added 2026/06/10 2:59 p.m.18 views

CVE-2026-25089

A improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4 through 5.0.5, FortiSandbox PaaS 5.0.4 through 5.0.5 may...

9.8CVSS6AI score0.23393EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 6:30 p.m.17 views

EUVD-2026-35443

A improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4 through 5.0.5, FortiSandbox PaaS 5.0.4 through 5.0.5 may...

9.8CVSS5.7AI score0.23393EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/09 2:27 p.m.116 views

CVE-2026-25089

A improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4 through 5.0.5, FortiSandbox PaaS 5.0.4 through 5.0.5 may...

9.8CVSS0.23393EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 2:27 p.m.129 views

CVE-2026-25089

CVE-2026-25089 is an OS command injection affecting FortiSandbox family (FortiSandbox 5.0.0–5.0.5, 4.4.0–4.4.8, 4.2.x; Cloud 5.0.4–5.0.5; PaaS 5.0.4–5.0.5) via unauthenticated crafted HTTP requests. Root cause: improper neutralization of special elements in OS commands. Impact: remote command exe...

9.8CVSS5.7AI score0.23393EPSS
In wildExploits0References1Affected Software3
Vulnrichment
Vulnrichment
added 2026/06/09 2:27 p.m.9 views

CVE-2026-25089

A improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4 through 5.0.5, FortiSandbox PaaS 5.0.4 through 5.0.5 may...

9.8CVSS5.7AI score0.23393EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2026/06/09 12:0 a.m.14 views

VulnCheck KEV: CVE-2026-39808

A improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow attacker to execute unauthorized code or commands via...

9.8CVSS6.2AI score0.48668EPSS
In wildExploits6References9
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.19 views

PT-2026-47809

Name of the Vulnerable Software and Affected Versions FortiSandbox versions 5.0.0 through 5.0.5 FortiSandbox versions 4.4.0 through 4.4.8 FortiSandbox version 4.2 FortiSandbox Cloud versions 5.0.4 through 5.0.5 FortiSandbox PaaS versions 5.0.4 through 5.0.5 Description An OS command injection iss...

10CVSS6.3AI score0.23393EPSS
Exploits0References56
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.14 views

Fortinet多款产品 操作系统命令注入漏洞

FortiSandbox is a security sandbox product provided by Fortinet, primarily used for detecting and analyzing malware. Fortinet FortiSandbox has a vulnerability related to OS command injection. This vulnerability stems from an inability to properly neutralize the special elements used in OS command...

9.8CVSS7.4AI score0.23393EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:42 p.m.10 views

CVE-2025-61886

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability CWE-79 vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.4, FortiSandbox PaaS 5.0.0 through 5.0.4 may allow an attacker to perform an XSS attack via crafted HTTP requests...

5.4CVSS5.4AI score0.00275EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.11 views

CVE-2026-39812

A improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox PaaS 5.0.0 through 5.0.5, FortiSandbox PaaS 4.4.0 through 4.4.8,...

4.8CVSS5.7AI score0.00193EPSS
Exploits0References1
Rows per page
Query Builder