CVE-2026-25690_CVE-2026-25690

4 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C

Description

An improper neutralization of argument delimiters in a command ('argument injection') vulnerability in Fortinet FortiDeceptor 6.0.0 through 6.0.2, FortiDeceptor 5.3.0 through 5.3.3, FortiDeceptor 5.2.0 through 5.2.1, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions may allow an authenticated attacker with at least read-only admin permission to read log files via HTTP crafted requests.

Basic Information

ID CVE-2026-25690

Source fortinet

Published May 12, 2026 at 16:54

Affected Product

Vendor Fortinet

Product FortiDeceptor

Version 6.0.0

Affected Versions Fortinet FortiDeceptor 6.0.0
Fortinet FortiDeceptor 5.3.0
Fortinet FortiDeceptor 5.2.0
Fortinet FortiDeceptor 5.1.0
Fortinet FortiDeceptor 5.0.0

CWE Classification

CWE-88

References

fortiguard.fortinet.com /psirt/FG-IR-26-138

{
    "lastseen": "",
    "description": "An improper neutralization of argument delimiters in a command ('argument injection') vulnerability in Fortinet FortiDeceptor 6.0.0 through 6.0.2, FortiDeceptor 5.3.0 through 5.3.3, FortiDeceptor 5.2.0 through 5.2.1, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions may allow an authenticated attacker with at least read-only admin permission to read log files via HTTP crafted requests.",
    "published": "2026-05-12T16:54:10.546Z",
    "modified": "2026-05-12T16:54:10.546Z",
    "type": "cve",
    "title": "CVE-2026-25690",
    "source": "fortinet",
    "references": "https://fortiguard.fortinet.com/psirt/FG-IR-26-138",
    "id": "CVE-2026-25690",
    "bulletinFamily": "",
    "cwe": [
        "CWE-88"
    ],
    "cvelist": null,
    "sourceData": "Fortinet FortiDeceptor 6.0.0\nFortinet FortiDeceptor 5.3.0\nFortinet FortiDeceptor 5.2.0\nFortinet FortiDeceptor 5.1.0\nFortinet FortiDeceptor 5.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 4,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "FortiDeceptor",
    "version": "6.0.0",
    "vendor": "Fortinet",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}