A critical OS command injection vulnerability has been identified in Fortinet FortiSandbox versions 4.4.0 through 5.0.5, affecting both on-premises and cloud deployments. Unauthenticated remote attackers can exploit improper input validation in the VNC functionality to execute arbitrary system commands on affected systems.

Why it matters in Western Canada: FortiSandbox is commonly deployed by Canadian financial institutions, healthcare organizations, and government agencies for malware analysis and threat containment. Organizations across Western Canada using affected versions face immediate risk of unauthorized system access and data compromise.

CVEs: CVE-2026-25089

---

Summary generated from the original advisory. Read the full source: arctic-wolf