Attackers are actively exploiting two critical vulnerabilities in Fortinet's FortiSandbox product, identified as CVE-2026-39808 and CVE-2026-25089, which have a CVSS score of 9.1. These OS command injection flaws allow unauthorized users to execute arbitrary commands via crafted HTTP requests, without requiring credentials or user interaction. Fortinet released patches for these vulnerabilities, with the fix for CVE-2026-39808 issued in April. The Cybersecurity and Infrastructure Security Agency (CISA) has taken notice of the active exploitation and has issued a patch order. The fact that these flaws are being actively targeted by attackers underscores the urgency of applying the available patches1. This matters to security practitioners because the exploitation status of CVE-2026-39808, in particular, dictates whether this is a patch-now situation or one that requires ongoing monitoring.
Attackers target critical FortiSandbox flaws as CISA issues patch order
⚡ High Priority
Why This Matters
CVE-2026-39808 is in active discussion involving CISA — exploitation status determines whether this is patch-now or monitor.
References
- The Register. (2026, July 17). Attackers target critical FortiSandbox flaws as CISA issues patch order. *The Register*. https://www.theregister.com/security/2026/07/17/attackers-target-critical-fortisandbox-flaws-as-cisa-issues-patch-order/5274287
Original Source
The Register
Read original →