Threat Advisory FortiSandbox XSS Vulnerability Leads to Unauthorized Control and Information Disclosure Threat: Vulnerability Targeted Region: Global Targeted Sector: Technology & IT Criticality: High EXECUTIVE SUMMARY: Fortinet FortiSandbox contains a CVE-2025-52436 high‑severity cross‑site scripting (XSS) vulnerability stemming from improper input sanitization in the GUI, allowing unauthenticated attackers to craft malicious HTTP requests that inject executable script into the web interface; when an administrator or other privileged user interacts with the tainted page, the injected code can trigger and escalate into remote command execution, potentially leading to unauthorized access, data exfiltration, lateral movement, and evasion of sandboxing protections unless patched or mitigated through network segmentation and access controls. The vulnerability has a CVSS score of 7.9. RECOMMENDATION: We strongly recommend you update FortiSandbox to below link: https://fortiguard.fortinet.com/psirt/FG-IR-25-093 REFERENCES: The following reports contain further technical details: https://cybersecuritynews.com/fortisandbox-xss-vulnerability/ Recent Advisories XWiki Vulnerability Hijacks CSS Injection to Craft Illegitimate Link February 13, 2026 Notepad Vulnerability Triggers Arbitrary Code Execution Remotely February 13, 2026 Google Chrome Vulnerabilities Fix Race Condition and UI Spoofing Attacks February 13, 2026 Microsoft Outlook Phishing Campaign Harvesting Account Login Information February 13, 2026 Report an Incident Get 24/7 incident response assistance from our global team Hotline: +917969664500 Email: [email protected]