SpirityCVE

An improper neutralization of argument delimiters in a command ('argument injection') vulnerability in Fortinet FortiDeceptor 6.2.0, FortiDeceptor 6.0 all versions, FortiDeceptor 5.3 all versions, FortiDeceptor 5.2 all versions, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions, FortiDeceptor 4.3 all versions, FortiDeceptor 4.2 all versions, FortiDeceptor 4.1 all versions, FortiDeceptor 4.0 all versions may allow a privileged attacker with super-admin profile and CLI access to delete sensitive files via crafted HTTP requests.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Fortinet	Fortideceptor

No data.

References

Link	Providers
https://www.spirityenterprise.com/pentest
https://www.spirityenterprise.com/virtual-ciso
https://fortiguard.fortinet.com/psirt/FG-IR-26-094

History

Tue, 10 Mar 2026 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 10 Mar 2026 17:15:00 +0000

Type	Values Removed	Values Added
Description		An improper neutralization of argument delimiters in a command ('argument injection') vulnerability in Fortinet FortiDeceptor 6.2.0, FortiDeceptor 6.0 all versions, FortiDeceptor 5.3 all versions, FortiDeceptor 5.2 all versions, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions, FortiDeceptor 4.3 all versions, FortiDeceptor 4.2 all versions, FortiDeceptor 4.1 all versions, FortiDeceptor 4.0 all versions may allow a privileged attacker with super-admin profile and CLI access to delete sensitive files via crafted HTTP requests.
First Time appeared		Fortinet Fortinet fortideceptor
Weaknesses		CWE-88
CPEs		cpe:2.3:a:fortinet:fortideceptor:4.0.0:::::::* cpe:2.3:a:fortinet:fortideceptor:4.0.1:::::::* cpe:2.3:a:fortinet:fortideceptor:4.0.2:::::::* cpe:2.3:a:fortinet:fortideceptor:4.1.0:::::::* cpe:2.3:a:fortinet:fortideceptor:4.1.1:::::::* cpe:2.3:a:fortinet:fortideceptor:4.2.0:::::::* cpe:2.3:a:fortinet:fortideceptor:4.3.0:::::::* cpe:2.3:a:fortinet:fortideceptor:5.0.0:::::::* cpe:2.3:a:fortinet:fortideceptor:5.1.0:::::::* cpe:2.3:a:fortinet:fortideceptor:5.2.0:::::::* cpe:2.3:a:fortinet:fortideceptor:5.2.1:::::::* cpe:2.3:a:fortinet:fortideceptor:5.2.2:::::::* cpe:2.3:a:fortinet:fortideceptor:5.3.0:::::::* cpe:2.3:a:fortinet:fortideceptor:5.3.1:::::::* cpe:2.3:a:fortinet:fortideceptor:5.3.2:::::::* cpe:2.3:a:fortinet:fortideceptor:5.3.3:::::::* cpe:2.3:a:fortinet:fortideceptor:5.3.4:::::::* cpe:2.3:a:fortinet:fortideceptor:6.0.0:::::::* cpe:2.3:a:fortinet:fortideceptor:6.0.1:::::::* cpe:2.3:a:fortinet:fortideceptor:6.0.2:::::::* cpe:2.3:a:fortinet:fortideceptor:6.0.3:::::::* cpe:2.3:a:fortinet:fortideceptor:6.2.0:::::::*
Vendors & Products		Fortinet Fortinet fortideceptor
References		https://fortiguard.fortinet.com/psirt/FG-IR-26-094
Metrics		cvssV3_1 `{'score': 6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:F/RL:O/RC:C'}`

MITRE

Status: PUBLISHED

Assigner: fortinet

Published: 2026-03-10T16:44:15.347Z

Updated: 2026-03-10T17:41:33.407Z

Reserved: 2026-02-05T08:56:55.794Z

Link: CVE-2026-25689

Vulnrichment

Updated: 2026-03-10T17:34:38.549Z

NVD

Status : Received

Published: 2026-03-10T18:18:37.893

Modified: 2026-03-10T18:18:37.893

Link: CVE-2026-25689

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object