OS command injection on vmimages update feature
Summary
CVSSv3 Score: 6.7 An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiSandbox Cloud and FortiSandbox PaaS WEB UI may allow a privileged attacker with super-admin profile and CLI access to execute unauthorized code or commands via crafted HTTP requests. Revised on 2026-03-26 00:00:00
- FortiSandbox Cloud 5.0: 5.0.4
- FortiSandbox PaaS 5.0: 5.0.4
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
- FortiSandbox Cloud 5.0: 5.0.5
- FortiSandbox PaaS 5.0: 5.0.5
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Mitigation checklist
- Upgrade per the Affected/Solution table: FortiSandbox Cloud 5.0: 5.0.5; FortiSandbox PaaS 5.0: 5.0.5.
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.