WEB Fortinet FortiSandbox start_vnc Command Injection (CVE-2026-25089)
Rule ID
1238572
Severity
Critical
Description
A command injection vulnerability has been reported in Fortinet FortiSandbox. The vulnerability is due insufficient validation of start_vnc request parameters used in the admin web service.
Impact
Remote command execution
Recommendation
Update vendor's patch.
IPS Category
Web threats
IPS Anomaly Group
N/A
IPS Rule Default Action
Deny
References
Keywords
N/A
Date Created
2026/06/23
Last Updated