CVE-2026-25691_CVE-2026-25691

6.2 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H/E:F/RL:O/RC:C

Description

A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4, FortiSandbox PaaS 5.0.4 may allow a privileged attacker with super-admin profile and CLI access to delete an arbitrary directory via HTTP crafted requests.

Basic Information

ID CVE-2026-25691

Source fortinet

Published Apr 14, 2026 at 15:38

Affected Product

Vendor Fortinet

Product FortiSandbox PaaS

Version 5.0.4

Affected Versions Fortinet FortiSandbox PaaS 5.0.4
Fortinet FortiSandbox Cloud 5.0.4
Fortinet FortiSandbox 5.0.0
Fortinet FortiSandbox 4.4.0
Fortinet FortiSandbox 4.2.1

CWE Classification

CWE-22

References

fortiguard.fortinet.com /psirt/FG-IR-26-115

{
    "lastseen": "",
    "description": "A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4, FortiSandbox PaaS 5.0.4 may allow a privileged attacker with super-admin profile and CLI access to delete an arbitrary directory via HTTP crafted requests.",
    "published": "2026-04-14T15:38:16.406Z",
    "modified": "2026-04-14T15:38:16.406Z",
    "type": "cve",
    "title": "CVE-2026-25691",
    "source": "fortinet",
    "references": "https://fortiguard.fortinet.com/psirt/FG-IR-26-115",
    "id": "CVE-2026-25691",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "Fortinet FortiSandbox PaaS 5.0.4\nFortinet FortiSandbox Cloud 5.0.4\nFortinet FortiSandbox 5.0.0\nFortinet FortiSandbox 4.4.0\nFortinet FortiSandbox 4.2.1",
    "sourceHref": "",
    "cvss": {
        "score": 6.2,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H/E:F/RL:O/RC:C",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "FortiSandbox PaaS",
    "version": "5.0.4",
    "vendor": "Fortinet",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}