Attacks Exploiting Three Fortinet FortiSandbox Vulnerabilities — One Patched

Colleagues, a cybersecurity alert: attackers are targeting FortiSandbox.
Defused Cyber reports exploitation of CVE-2026-39813 and CVE-2026-39808 (path traversal and OS command injection); these were patched in April 2026. Last week Fortinet patched CVE-2026-25089 (OS command injection in the FortiSandbox/Cloud/PaaS web UI); an exploit was found showing signs of AI-assisted development but is currently non-functional and no public code exists.
Why it matters: these flaws allow unauthenticated command execution — I recommend immediate patching and enhanced monitoring.
How do you plan to respond in your environments?
#cybersecurity #Fortinet #vulnerabilities #infosec


Latest comments
No comments yet.