Argument Injection Vulnerability in Fortinet FortiDeceptor
CVE-2026-25689

6MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortideceptor
Vendor: CVE Published:; 10 March 2026

What is CVE-2026-25689?

Fortinet FortiDeceptor contains an argument injection vulnerability which can be exploited by a privileged attacker who has a super-admin profile and command-line interface (CLI) access. This flaw enables the attacker to send specially crafted HTTP requests that may lead to the deletion of sensitive files, posing a risk to the integrity and confidentiality of affected systems.

Affected Version(s)

FortiDeceptor 6.2.0

FortiDeceptor 6.0.0 <= 6.0.3

FortiDeceptor 5.3.0 <= 5.3.4

References

https://fortiguard.fortinet.com/psirt/FG-IR-26-094

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 10, 2026
Vulnerability Reserved
Feb 5, 2026

CVE-2026-25689 Data

JSON