What the vulnerability does
01Description
A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet allows attacker to execute unauthorized code or commands via crafted API requests.
CVSS base score
9.7/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:F/RL:X/RC:X
Key dates
02Disclosure timeline
October 10, 2023
CVE published
January 14, 2026
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2026-5619 Braffolk mcp-summarization-functions summarize_command mcp-server.ts os command injection
CVE-2021-1370 Cisco IOS XR Software for Cisco 8000 Series Routers and Network Convergence System 540 Series Routers Privilege Escalation Vulnerability
CVE-2023-34276 D-Link DIR-2150 SetTriggerPPPoEValidate Username Command Injection Remote Code Execution Vulnerability
CVE-2025-42892 OS Command Injection vulnerability in SAP Business Connector
CVE-2019-5129
