CVE-2026-25088 MEDIUM

CVE-2026-25088

Vendor Fortinet
Product FortiNDR
Weakness CWE-89 · SQLi
Published May 12, 2026
Last update May 12, 2026

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:X

What the vulnerability does

01Description

An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiNDR 7.6.0 through 7.6.2, FortiNDR 7.4.0 through 7.4.9, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

Key dates

02Disclosure timeline

May 12, 2026 CVE published
May 12, 2026 Record updated