FortiSandbox 4.2-5.0.5 Path Traversal Enables Privileged Directory Delete via CLI
CVE-2026-25691 Published on April 14, 2026
A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4, FortiSandbox PaaS 5.0.4 may allow a privileged attacker with super-admin profile and CLI access to delete an arbitrary directory via HTTP crafted requests.
Vulnerability Analysis
CVE-2026-25691 can be exploited with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a high impact on integrity and availability.
Weakness Type
What is a Directory traversal Vulnerability?
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
CVE-2026-25691 has been classified to as a Directory traversal vulnerability or weakness.
Products Associated with CVE-2026-25691
Want to know whenever a new CVE is published for Fortinet products? stack.watch will email you.
Affected Versions
Fortinet FortiSandbox PaaS:- Version 5.0.4 is affected.
- Version 5.0.4 is affected.
- Version 5.0.0, <= 5.0.5 is affected.
- Version 4.4.0, <= 4.4.8 is affected.
- Version 4.2.1, <= 4.2.8 is affected.