FORTISANDBOX has critical vulnerabilities (CVE-2026-39813, CVE-2026-39808, and CVE-2026-25089) affecting its API and Web UI components, allowing attackers to bypass authentication, escalate privileges, and execute commands without valid credentials. These vulnerabilities have a CVSS score of 9.8, indicating high severity. Attackers can exploit these flaws via crafted HTTP requests, particularly targeting FortiSandbox deployments exposed to the internet.
Patching affected systems, restricting management access, and reviewing logs for suspicious requests are essential immediate actions for security teams. Historical data indicates that exploitation of these vulnerabilities has been observed.