www.infosecurity-magazine.com 7/17/2026, 10:01:59 AM · external

CISA Mandates Urgent Patch for Actively Exploited Critical Fortinet Vulnerabilities

CISA Mandates Urgent Patch for Actively Exploited Critical Fortinet Vulnerabilities
Developing story vulnerability 33 articles tracked
Fortinet FortiSandbox vulnerabilities exploited in global FortiBleed campaign
CyberSIXT Evidence Panel
Primary Source cisa.gov
CISA KEV Listed in KEV
Patch Patch Available

THE U.S. Cybersecurity and Infrastructure Security Agency (CISA) has mandated urgent patches for two critical vulnerabilities in Fortinet's FortiSandbox, identified as CVE-2026-39808 and CVE-2026-25089, both rated 9.1 on the CVSS scale. These vulnerabilities enable unauthorized command execution when exploited. CISA has added these flaws to its Known Exploited Vulnerabilities catalog and requires federal agencies to implement patches by July 19, 2026.

Additionally, CISA advised discontinuing the use of affected cloud services if patches are not feasible. Fortinet has released corresponding patches in versions 4.4.9 and 5.0.6.

View Primary Source Via www.infosecurity-magazine.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline