Unrated severityNVD Advisory· Published Mar 10, 2026· Updated Mar 10, 2026

CVE-2026-25689

Description

An improper neutralization of argument delimiters in a command ('argument injection') vulnerability in Fortinet FortiDeceptor 6.2.0, FortiDeceptor 6.0 all versions, FortiDeceptor 5.3 all versions, FortiDeceptor 5.2 all versions, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions, FortiDeceptor 4.3 all versions, FortiDeceptor 4.2 all versions, FortiDeceptor 4.1 all versions, FortiDeceptor 4.0 all versions may allow a privileged attacker with super-admin profile and CLI access to delete sensitive files via crafted HTTP requests.

Affected products

Fortinet/FortiDeceptorv5
cpe:2.3:a:fortinet:fortideceptor:6.2.0:*:*:*:*:*:*:*
Range: 6.2.0
Fortinet/FortiDeceptorllm-fuzzy
Range: >=6.2.0, 6.0 all, 5.3 all, 5.2 all, 5.1 all, 5.0 all, 4.3 all, 4.2 all, 4.1 all, 4.0 all

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

fortiguard.fortinet.com/psirt/FG-IR-26-094mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000