← Home
Arbitrary directory delete on vmimages delete feature
Source: fortinet / FG-IR-26-115
— original advisory
Published: 2026-04-14
· Last updated: 2026-04-14
· Vendor severity: Not rated by vendor
CVEs
| CVE | CVSS | CWE | Exploitation |
| CVE-2026-25691 |
6.2 |
CWE-22: Path Traversal |
Not observed in the wild |
Affected Products
| Product | Affected versions | Fixed version |
| FortiSandbox |
5.0.5 |
Not specified by vendor |
| FortiSandbox |
5.0.4 |
Not specified by vendor |
| FortiSandbox |
5.0.3 |
Not specified by vendor |
| FortiSandbox |
5.0.2 |
Not specified by vendor |
| FortiSandbox |
5.0.1 |
Not specified by vendor |
| FortiSandbox |
5.0.0 |
Not specified by vendor |
| FortiSandbox |
4.4.8 |
Not specified by vendor |
| FortiSandbox |
4.4.7 |
Not specified by vendor |
| FortiSandbox |
4.4.6 |
Not specified by vendor |
| FortiSandbox |
4.4.5 |
Not specified by vendor |
| FortiSandbox |
4.4.4 |
Not specified by vendor |
| FortiSandbox |
4.4.3 |
Not specified by vendor |
| FortiSandbox |
4.4.2 |
Not specified by vendor |
| FortiSandbox |
4.4.1 |
Not specified by vendor |
| FortiSandbox |
4.4.0 |
Not specified by vendor |
| FortiSandbox |
4.2.8 |
Not specified by vendor |
| FortiSandbox |
4.2.7 |
Not specified by vendor |
| FortiSandbox |
4.2.6 |
Not specified by vendor |
| FortiSandbox |
4.2.5 |
Not specified by vendor |
| FortiSandbox |
4.2.4 |
Not specified by vendor |
| FortiSandbox |
4.2.3 |
Not specified by vendor |
| FortiSandbox |
4.2.2 |
Not specified by vendor |
| FortiSandbox |
4.2.1 |
Not specified by vendor |
| FortiSandbox Cloud |
5.0.4 |
Not specified by vendor |
| FortiSandbox PaaS |
5.0.4 |
Not specified by vendor |