CVE-2026-25690

CVSS Score & Metrics

Base Score

4.3 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N                                    

Vulnerability Description

An improper neutralization of argument delimiters in a command ('argument injection') vulnerability in Fortinet FortiDeceptor 6.0.0 through 6.0.2, FortiDeceptor 5.3.0 through 5.3.3, FortiDeceptor 5.2.0 through 5.2.1, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions may allow an authenticated attacker with at least read-only admin permission to read log files via HTTP crafted requests.

Vulnerability Details

Published Date

May 12, 2026

Last Modified

May 18, 2026

CWE ID

CWE-88

Source

NVD

Vendor

Fortinet

Product

FortiDeceptor

External References

https://fortiguard.fortinet.com/psirt/FG-IR-26-138

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment