FortiSandbox unauthenticated OS command injection in VNC handler (CVSS 9.8); dropped from brief - no inclusion gate cleared
cve · CVE-2026-25089
Coverage timeline
1
first 2026-06-11 → last 2026-06-11
Briefs
1
1 distinct
Sources cited
6
4 hosts
Sections touched
0
—
Co-occurring entities
0
no co-occurrence
Story timeline
- 2026-06-11CTI Daily Brief — 2026-06-11
Source distribution
- crowdstrike.com2 (33%)
- fortiguard.fortinet.com2 (33%)
- bleepingcomputer.com1 (17%)
- security-hub.ncsc.admin.ch1 (17%)
External references
All cited sources (6)
- bleepingcomputer.cominlineBleepingComputer, 2026-05-13https://www.bleepingcomputer.com/news/security/fortinet-warns-of-critical-rce-flaws-in-fortisandbox-and-fortiauthenticator/
- crowdstrike.cominlineCrowdStrike bloghttps://www.crowdstrike.com/en-us/blog/crowdstrike-2026-financial-services-threat-landscape-report/
- crowdstrike.cominlineCrowdStrike press releasehttps://www.crowdstrike.com/en-us/press-releases/crowdstrike-2026-financial-services-threat-landscape-report/
- fortiguard.fortinet.cominlineFortinet PSIRT FG-IR-26-128 / FG-IR-26-136https://fortiguard.fortinet.com/psirt/FG-IR-26-128
- fortiguard.fortinet.cominlineFortinet PSIRT FG-IR-26-136https://fortiguard.fortinet.com/psirt/FG-IR-26-136
- security-hub.ncsc.admin.chinlineNCSC-CH Security Hub #12569, 2026-05-13https://security-hub.ncsc.admin.ch/#/posts/12569
Items in briefs about FortiSandbox unauthenticated OS command injection in VNC handler (CVSS 9.8); dropped from brief - no inclusion gate cleared
No parsed item heading or body matches this entity yet. Items match by exact CVE id (for CVE entities), by lead-segment substring of the title in the item heading or body, or by a distinctive anchor token from the title appearing in the item heading. Coverage that lives inside a broader section (no per-item heading) is captured by the Story timeline above.