CVE-2026-25690

Summary

An improper neutralization of argument delimiters in a command ('argument injection') vulnerability in Fortinet FortiDeceptor 6.0.0 through 6.0.2, FortiDeceptor 5.3.0 through 5.3.3, FortiDeceptor 5.2.0 through 5.2.1, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions may allow an authenticated attacker with at least read-only admin permission to read log files via HTTP crafted requests.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiDeceptor6.0.0 <= 6.0.2affected
FortinetFortiDeceptor5.3.0 <= 5.3.3affected
FortinetFortiDeceptor5.2.0 <= 5.2.1affected
FortinetFortiDeceptor5.1.0affected
FortinetFortiDeceptor5.0.0affected

Weaknesses

  • CWE-88: Information disclosure

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References