Is CVE-2026-25089 in the CISA Known Exploited Vulnerabilities catalog?

CVE-2026-25089 is not currently listed in the CISA KEV catalog.

Vulnerability intelligence

CVE-2026-25089

Three chained vulnerabilities in FortiSandbox allow unauthenticated remote command execution at CVSS 9.1. Active exploitation confirmed. The devices purchased to protect legacy web infrastructure are now the entry point.

2026

What WebPulse reported · 1 analysis

Fortinet FortiSandbox Hit With 3-CVE Exploit Chain. The Security Appliance Is the Attack Surface.

Three chained vulnerabilities in FortiSandbox allow unauthenticated remote command execution at CVSS 9.1. Active exploitation confirmed. The devices purchased t

June 17, 2026

View CVE-2026-25089 on the NIST National Vulnerability Database →

Related vulnerabilities

CVE-2026-9082 CVE-2026-8206 CVE-2026-48019 CVE-2026-35273 CVE-2026-11645 CVE-2026-8181 CVE-2026-47291 CVE-2026-45657