16 June 2026
Reference: CVE-2026-25089
1. What is being reported?
Researchers have discovered a critical vulnerability in Fortinet FortiSandbox versions 4.2, 4.4.0 to 4.4.8, 5.0.0 to 5.0.5, and related cloud and platform versions. The flaw allows attackers to send specially crafted web requests that can execute commands on the system without authentication. This type of weakness is known as 'OS command injection.'
2. What this means in plain English
If your organisation uses FortiSandbox software in any of the affected versions, attackers could potentially take control of your system remotely. This could lead to theft of sensitive information, disruption of services, or damage to your IT environment. Because the attack does not require a password, it is especially dangerous.
3. Could this affect a small business?
Small businesses that use Fortinet FortiSandbox software in the listed versions could be at risk. If you do not use this product, or if your software is updated beyond these versions, you are unlikely to be affected. Check with your IT provider to confirm whether your systems use FortiSandbox and which version is installed.
4. What to do now
- Contact your IT provider immediately to check if your FortiSandbox software is one of the affected versions.
- If you use FortiSandbox, arrange to apply any available security updates or patches from Fortinet as soon as possible.
- Monitor your systems for unusual activity and report any suspicious behaviour to your IT support.
- Ensure your network and security systems are properly configured to limit exposure to external threats.
5. Ask your IT provider
Can you confirm if our Fortinet FortiSandbox software is affected by the CVE-2026-25089 vulnerability, and if so, what steps are being taken to secure our systems?
6. Bottom line
If you use FortiSandbox, act quickly to update and secure your systems to prevent serious security breaches.
Information based on CISA KEV, NVD, and reputable security news reporting.