www.securityweek.com 6/17/2026, 7:21:35 AM · external

3 Recently Patched Fortinet FortiSandbox Vulnerabilities in Hacker Crosshairs

Developing story vulnerability 6 articles tracked

Multiple critical FortiSandbox vulnerabilities patched amid active exploitation

CyberSIXT Evidence Panel

Primary Source

socradar.io

CVE Intel

CVE-2026-39808 - NVD Not in KEV 9.1 CRITICAL

CVE-2026-39813 - NVD Not in KEV 9.1 CRITICAL

CVE-2026-25089 - NVD Not in KEV 9.1 CRITICAL

CISA KEV Not in KEV

Patch Patch Available

THREE newly patched vulnerabilities in Fortinet's FortiSandbox, rated critical, are actively being exploited. Defused's honeypots detected attempts targeting CVE-2026-39808, CVE-2026-39813, and CVE-2026-25089. CVE-2026-39808 allows authentication bypass, while CVE-2026-39813 enables OS command injection for arbitrary code execution. CVE-2026-25089 permits remote command execution by unauthenticated attackers.

Additionally, SOCRadar revealed over 30,000 Fortinet firewalls were compromised through a campaign called 'FortiBleed', affecting networks globally, mostly in India and the U.S. Attackers gathered verified credentials and monitored traffic, indicating a sophisticated and self-sustaining hacking operation.

View Primary Source Via www.securityweek.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline

#6 Jun 17, 2026, 01:11 PM

cybersixt.com
FortiSandbox CVE-2026-39813 lets hackers bypass auth, run code
#5 Jun 17, 2026, 06:53 AM Current article

www.securityweek.com
3 Recently Patched Fortinet FortiSandbox Vulnerabilities in Hacker Crosshairs
#4 Jun 16, 2026, 02:28 PM

cybersixt.com
Fortinet warns of active exploits in unpatched FortiSandbox flaws
#3 Jun 11, 2026, 10:31 AM

cybersixt.com
Fortinet patches CVE-2026-25089 in FortiSandbox command injection
#2 Jun 10, 2026, 09:11 AM

cybersixt.com
Critical Vulnerabilities Patched in Fortinet, Ivanti Products
#1 Jun 10, 2026, 02:41 AM

cybersixt.com
FortiSandbox flaw CVE-2026-25089 lets attackers run commands