[Security Vulnerability Alert] Fortinet's FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS have a critical cybersecurity vulnerability (CVE-2026-25089).

 
2026/6/16 ~ 2026/12/16

Forwarded from Taiwan Computer Network Crisis Management and Coordination Center: Cybersecurity Alert TWCERTCC-200-202606-00000008

[Content Description]
A missing authorization vulnerability (CVE-2026-26089, CVSS: 9.8) exists in the web interfaces of Fortinet's FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS. This vulnerability could allow unauthenticated attackers to execute unauthorized code or commands via HTTP requests.

[Affected Platforms]
FortiSandbox versions 5.0.0 to 5.0.5
FortiSandbox versions 4.4.0 to 4.4.8
FortiSandbox Cloud versions 5.0.4 to 5.0.5
FortiSandbox PaaS versions 5.0.4 to 5.0.5

[Recommended Actions]
Please update to the following versions: FortiSandbox 5.0.6 or later, FortiSandbox 4.4.9 or later, FortiSandbox Cloud 5.0.6 or later, FortiSandbox PaaS 5.0.6 or later.

[References]
1. https://www.twcert.org.tw/tw/cp-169-10962-d96f7-1.html
