Attackers have begun exploiting two critical vulnerabilities in Fortinet's FortiSandbox product, specifically CVE-2026-39808 and CVE-2026-39813, which were patched by the vendor in April. The first reported exploitation of CVE-2026-39808, an OS-command injection vulnerability, occurred on June 9, according to VulnCheck. This development is significant as it confirms that malicious actors are now taking advantage of these flaws to target FortiSandbox users. Although Fortinet has not publicly confirmed the exploitation, the active discussion around CVE-2026-39808 suggests that the company is aware of the issue1. The exploitation of these vulnerabilities highlights the importance of prompt patching, as delaying updates can leave networks exposed to attacks. So what matters to practitioners is that they should prioritize patching these vulnerabilities to prevent potential breaches, given the active exploitation of these flaws.
Attackers hit pair of critical Fortinet vulnerabilities the vendor disclosed in April
⚠️ Critical Alert
Why This Matters
CVE-2026-39808 is in active discussion involving Fortinet — exploitation status determines whether this is patch-now or monitor.
References
- CyberScoop. (2026, June 17). Attackers hit pair of critical Fortinet vulnerabilities the vendor disclosed in April. CyberScoop. https://cyberscoop.com/fortinet-fortisandbox-vulnerabilities-exploits/
Original Source
CyberScoop
Read original →