THURSDAY, JULY 16, 2026 48° E  /  GLOBAL TECH · SUMMARISED SUBSCRIBE
AI, business, devices, policy — global tech, summarised every 30 minutes.
Security · 1h ago

FortiSandbox Flaw Added to CISA KEV: Unauthenticated RCE

By Meridian48 News Desk · Summarised from Hacker News ·

CVE-2026-25089 is an unauthenticated command injection vulnerability in FortiSandbox, now added to CISA's Known Exploited Vulnerabilities catalog. The flaw allows remote attackers to execute arbitrary commands without authentication. Fortinet has released patches; administrators should apply them immediately.

Meridian48 take
The inclusion in CISA KEV confirms active exploitation, making this a must-patch for any organization using FortiSandbox.
Read the full reporting
CVE-2026-25089: FortiSandbox unauthenticated command injection added to CISA KEV →
Hacker News
cve-2026-25089fortinet
More security briefs
Go deeper on security
AllAIStartupsBusinessDevicesPolicySecurityDev ToolsPakistan