Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week

Fortinet FortiSandbox is under active exploitation for three critical unauthenticated RCE vulnerabilities (CVE-2026-39813, CVE-2026-39808, CVE-2026-25089). All three bypass authentication and allow arbitrary command execution via HTTP requests. Organizations running FortiSandbox are at immediate risk of compromise regardless of patch status.

CRITICAL | Advisory | Jun 16, 2026
Action required
Immediately patch FortiSandbox to the latest version. If patching cannot be done within 24 hours, isolate affected instances from production networks and implement network-level restrictions on FortiSandbox access.
Affected products
Fortinet, FortiSandbox, FortiClient EMS, Defused Cyber