An improper neutralization of argument delimiters in a command ('argument injection') vulnerability in Fortinet FortiDeceptor 6.2.0, FortiDeceptor 6.0 all versions, FortiDeceptor 5.3 all versions, FortiDeceptor 5.2 all versions, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions, FortiDeceptor 4.3 all versions, FortiDeceptor 4.2 all versions, FortiDeceptor 4.1 all versions, FortiDeceptor 4.0 all versions may allow a privileged attacker with super-admin profile and CLI access to delete sensitive files via crafted HTTP requests.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Fortinet |
|
Configuration 1 [-]
|
No data.
References
| Link | Providers |
|---|---|
| https://fortiguard.fortinet.com/psirt/FG-IR-26-094 |
|
History
Fri, 13 Mar 2026 19:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | cpe:2.3:a:fortinet:fortideceptor:*:*:*:*:*:*:*:* |
Tue, 10 Mar 2026 18:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Tue, 10 Mar 2026 17:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | An improper neutralization of argument delimiters in a command ('argument injection') vulnerability in Fortinet FortiDeceptor 6.2.0, FortiDeceptor 6.0 all versions, FortiDeceptor 5.3 all versions, FortiDeceptor 5.2 all versions, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions, FortiDeceptor 4.3 all versions, FortiDeceptor 4.2 all versions, FortiDeceptor 4.1 all versions, FortiDeceptor 4.0 all versions may allow a privileged attacker with super-admin profile and CLI access to delete sensitive files via crafted HTTP requests. | |
| First Time appeared |
Fortinet
Fortinet fortideceptor |
|
| Weaknesses | CWE-88 | |
| CPEs | cpe:2.3:a:fortinet:fortideceptor:4.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortideceptor:4.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortideceptor:4.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortideceptor:4.1.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortideceptor:4.1.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortideceptor:4.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortideceptor:4.3.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortideceptor:5.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortideceptor:5.1.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortideceptor:5.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortideceptor:5.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortideceptor:5.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortideceptor:5.3.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortideceptor:5.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortideceptor:5.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortideceptor:5.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortideceptor:5.3.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortideceptor:6.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortideceptor:6.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortideceptor:6.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortideceptor:6.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortideceptor:6.2.0:*:*:*:*:*:*:* |
|
| Vendors & Products |
Fortinet
Fortinet fortideceptor |
|
| References |
| |
| Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: fortinet
Published: 2026-03-10T16:44:15.347Z
Updated: 2026-03-10T17:41:33.407Z
Reserved: 2026-02-05T08:56:55.794Z
Link: CVE-2026-25689
Vulnrichment
Updated: 2026-03-10T17:34:38.549Z
NVD
Status : Analyzed
Published: 2026-03-10T18:18:37.893
Modified: 2026-03-13T19:08:47.447
Link: CVE-2026-25689
Redhat
No data.