Summary
Key Points:
- Three vulnerabilities (CVE-2026-39813, CVE-2026-39808, CVE-2026-25089) in FortiSandbox are being actively exploited by attackers.
- These vulnerabilities could allow unauthenticated command execution and authentication bypass, impacting systems reliant on FortiSandbox for threat detection and response.
- Organizations using FortiSandbox should immediately apply the patches released by Fortinet to mitigate these risks.
Technical Details: CVE-2026-39813 is a path traversal vulnerability in the JRPC API, while CVE-2026-39808 and CVE-2026-25089 are OS command injection vulnerabilities that enable unauthorized command execution through crafted HTTP requests.
MITRE ATT&CK Techniques:
- T1203 - Exploitation for Client Execution (Initial Access)
- T1068 - Exploit Public-Facing Application (Initial Access)
IOCs Mentioned: None mentioned