Is Command Injection affected by CVE-2026-25836?

A command injection vulnerability in FortiSandbox Cloud 5.0.4 allows privileged administrators to execute unauthorized code, potentially compromising sandbox infrastructure and security operations.

CVE-2026-25836

HIGH

2026-03-10 [email protected]

7.2

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

CVE Published

Mar 10, 2026 - 18:18 nvd

HIGH 7.2

Description

An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox Cloud 5.0.4 may allow a privileged attacker with super-admin profile and CLI access to execute unauthorized code or commands via crafted HTTP requests.

Analysis

Fortinet FortiSandbox Cloud 5.0.4 contains an OS command injection vulnerability that allows privileged super-admin users with CLI access to execute arbitrary code through malicious HTTP requests. The vulnerability requires high privileges and direct access but carries high impact including confidentiality, integrity, and availability compromise. …

Remediation

Within 24 hours: Audit and document all users with super-admin and CLI access to FortiSandbox Cloud 5.0.4 instances; disable CLI access for non-essential administrators. Within 7 days: Implement network segmentation to restrict FortiSandbox management interfaces to a dedicated administrative network; enable enhanced logging and monitoring for all CLI and HTTP requests to the affected system. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +36

POC: 0

CVE-2026-25836 vulnerability details – vuln.today

Back

CVE-2026-25836

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-25836

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code