EUVD-2026-22338
GHSA-wfjv-vrx5-2cf2
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionNVD
A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow attacker to execute unauthorized code or commands via <insert attack vector here>
AnalysisAI
OS command injection in Fortinet FortiSandbox 4.4.0 through 4.4.8 and FortiSandbox PaaS (versions 21.3 through 23.4) allows unauthenticated remote attackers to execute arbitrary commands or code via unsanitized input to vulnerable components. The CVSS 9.8 (Critical) score reflects network-accessible exploitation requiring no authentication or user interaction. …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: Identify all FortiSandbox instances (on-premise and PaaS) in your environment and inventory their versions; immediately isolate or restrict network access to any instance running 4.4.0-4.4.8 or PaaS 21.3-23.4 unless critical business justification exists. Within 7 days: Contact Fortinet support to obtain patched versions and prioritize PaaS instances for upgrade (typically faster than on-premise); implement network segmentation so FortiSandbox has minimal lateral movement capability if compromised. …
Sign in for detailed remediation steps.
Share
External POC / Exploit Code
Leaving vuln.today