Back to advisories

CISA urges immediate action on actively exploited Fortinet flaws

Two critical vulnerabilities in Fortinet FortiSandbox are actively exploited in the wild, enabling unauthenticated remote code execution via command injection with no user interaction required. All organizations running FortiSandbox are at immediate risk. Federal agencies have been ordered to patch by July 19, but this advisory applies to all environments.

CRITICALAdvisoryJul 19, 2026
Action required
Immediately inventory all Fortinet FortiSandbox instances. Patch to the latest version or apply vendor patches for CVE-2026-39808 and CVE-2026-25089 within 24 hours. If patching is not possible, isolate affected systems from external access until remediation is complete.
Affected products
FortinetFortiSandboxFortiClient EMSCISADefused