› 13:56:22 CCB CVE-2026-10520 CRITICAL ROOT-LEVEL REMOTE CODE EXECUTION AND AUTHENTICATION BYPASS V… · › 12:41:29 CCB — Belgium tests cyber crisis response during Cyber Europe 2026 · › 12:35:37 CCB — Safeonweb fairy tales win another award · › 11:30:53 BSI — Synacor Zimbra: Schwachstelle ermöglicht nicht spezifizierten Angriff · › 11:25:52 BSI CVE-2026-49980 rclone: Schwachstelle ermöglicht Ausführen von beliebigem Programmcod… · › 11:15:54 BSI CVE-2026-48914 QEMU: Schwachstelle ermöglicht Denial of Service · › 11:15:53 BSI — MISP: Mehrere Schwachstellen · › 11:05:53 BSI CVE-2026-11933 MongoDB: Schwachstelle ermöglicht Denial of Service und Offenlegung v… · › 11:00:53 BSI CVE-2026-3329 Sonatype Nexus Repository Manager: Schwachstelle ermöglicht Offenlegu… · › 11:00:53 BSI CVE-2026-53966 xwiki (Live Data): Schwachstelle ermöglicht Privilegieneskalation · › 11:00:00 CERT.PL — UNC1151/Ghostwriter phishing campaign targeting Gmail accounts · › 10:55:53 BSI CVE-2026-7870 IBM i: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode… ·

Critique CCB · Belgique CVE-2026-25089

Fortinet Addresses a Critical Command Injection Vulnerability in Fort…

Publié 11 juin 2026 à 14:31

Description

CVE-2026-25089 is a critical OS command injection vulnerability, with CVSS score of 9.8, affecting FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox Cloud 5.0.4 through 5.0.5, and FortiSandbox PaaS 5.0.4 through 5.0.5. The vulnerability arises from improper neutralization of special elements used in an OS command in FortiSandbox, FortiSandbox Cloud and FortiSandbox PaaS WEB UI, allowing an unauthenticated remote attacker to execute unauthorized commands through specially crafted HTTP requests.