CVE-2026-25088: SQL Injection

Q: What is the severity of CVE-2026-25088?

CVE-2026-25088 has a severe impact as it allows authenticated attackers to execute arbitrary SQL commands.

Q: How do I fix CVE-2026-25088?

To fix CVE-2026-25088, upgrade Fortinet FortiNDR to version 7.6.3 or later.

Q: What versions of Fortinet FortiNDR are affected by CVE-2026-25088?

CVE-2026-25088 affects Fortinet FortiNDR versions 7.6.0 through 7.6.2, 7.4.0 through 7.4.9, and all versions of 7.2, 7.1, and 7.0.

Q: Can CVE-2026-25088 be exploited remotely?

No, CVE-2026-25088 requires authenticated access to exploit the SQL injection vulnerability.

Q: What types of attacks can CVE-2026-25088 facilitate?

CVE-2026-25088 can facilitate data leakage, data manipulation, and unauthorized access due to SQL injection.

Published May 12, 2026

Updated

An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiNDR 7.6.0 through 7.6.2, FortiNDR 7.4.0 through 7.4.9, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

Affected Software

3 affected components

Fortinet FortiNDR>=7.6.0<=7.6.2, >=7.4.0<=7.4.9, >=7.2, >=7.1, >=7.0

Fortinet FortiNDR>=7.0.0<7.4.10

Fortinet FortiNDR>=7.6.0<7.6.3

Remediation

Information

Upgrade to FortiNDR version 7.6.3 or above Upgrade to FortiNDR version 7.4.10 or above

Event History

May 12, 2026

CVE Published

via MITRE·04:54 PM

Data Sourced

via MITRE·04:54 PM

RemedyDescriptionSeverityWeakness

Data Sourced

via NVD·06:16 PM

DescriptionSeverityWeaknessAffected Software

Frequently Asked Questions

What is the severity of CVE-2026-25088?

CVE-2026-25088 has a severe impact as it allows authenticated attackers to execute arbitrary SQL commands.

How do I fix CVE-2026-25088?

To fix CVE-2026-25088, upgrade Fortinet FortiNDR to version 7.6.3 or later.

What versions of Fortinet FortiNDR are affected by CVE-2026-25088?

CVE-2026-25088 affects Fortinet FortiNDR versions 7.6.0 through 7.6.2, 7.4.0 through 7.4.9, and all versions of 7.2, 7.1, and 7.0.

Can CVE-2026-25088 be exploited remotely?

No, CVE-2026-25088 requires authenticated access to exploit the SQL injection vulnerability.

What types of attacks can CVE-2026-25088 facilitate?

CVE-2026-25088 can facilitate data leakage, data manipulation, and unauthorized access due to SQL injection.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

CVE-2026-25088: SQL Injection

Affected Software

Remediation

Information

Event History

Don't miss critical vulnerabilities

Frequently Asked Questions

What is the severity of CVE-2026-25088?

How do I fix CVE-2026-25088?

What versions of Fortinet FortiNDR are affected by CVE-2026-25088?

Can CVE-2026-25088 be exploited remotely?

What types of attacks can CVE-2026-25088 facilitate?

Company

Resources

Contact