Critical FortiSandbox Flaw: Unauthenticated Command Injection Added to CISA KEV
CVE-2026-25089: FortiSandbox unauthenticated command injection added to CISA KEV

I uncovered a critical unauthenticated command injection in FortiSandbox, now listed on the CISA Known Exploited Vulnerabilities catalog with a CVSS score of 9.8. This is the third such flaw exploited in the wild against Fortinet's sandbox in just two months, allowing attackers to execute shell commands via the web interface without any login. Organizations must immediately patch to version 4.4.9 or 5.0.6 and isolate management interfaces to prevent full network compromise.
"FortiSandbox is a high-value target because integrated Fortinet products consume its threat verdicts to enforce blocking decisions and trigger automated responses."