Three critical vulnerabilities in Fortinet's sandbox product have been exploited by unknown attackers, allowing them to bypass authentication, escalate privileges, and execute malicious code. The flaws, identified as CVE-2026-39813, CVE-2026-39808, and CVE-2026-25089, have a CVSS rating of 9.1, indicating a high level of severity. Fortinet patched two of the vulnerabilities in April, with the third being addressed last week. Notably, CVE-2026-39813 is a path traversal bug in the FortiSandbox JRPC API that enables authentication bypass using specially crafted requests1. The active exploitation of these vulnerabilities highlights the importance of prompt patching, particularly given the high severity of the flaws. This situation matters to security practitioners because the exploitation status of CVE-2026-39813 will determine whether immediate action is required or if monitoring is sufficient.
Three critical Fortinet sandbox bugs splattered by unknown attackers
⚡ High Priority
Why This Matters
CVE-2026-39813 is in active discussion involving Fortinet — exploitation status determines whether this is patch-now or monitor.
References
- The Register. (2026, June 16). Three critical Fortinet sandbox bugs splattered by unknown attackers. *The Register*. https://www.theregister.com/security/2026/06/16/three-critical-fortinet-sandbox-bugs-splattered-by-unknown-attackers/5256461
Original Source
The Register
Read original →