SECURITYTHE REGISTER
Three critical Fortinet sandbox bugs splattered by unknown attackers
Three critical vulnerabilities in Fortinet's FortiSandbox are being actively exploited by unknown attackers. Fortinet has patched two of the flaws (CVE-2026-39813 and CVE-2026-39808) in April and a third (CVE-2026-25089) last week, all rated 9.1 on the CVSS scale. Threat intelligence firm Defused reported ongoing exploitation attempts, including unpatched vulnerabilities allowing remote code execution and authentication bypass.
Mentioned
Related Signal
Adjacent reporting
- Patch these critical Fortinet sandbox bugs that let attackers bypass login, run commands over HTTP
- Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape
- Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week
- Max severity Flowise RCE vulnerability now exploited in attacks
- More Cisco SD-WAN bugs battered in attacks
- NGINX Rift attackers waste no time targeting exposed servers