www.cisa.gov 7/16/2026, 6:39:38 PM · external

CISA adds FortiSandbox flaw CVE-2026-39808 to KEV catalogue

Developing story vulnerability 13 articles tracked
Fortinet FortiSandbox vulnerabilities exploited in global FortiBleed campaign
CyberSIXT Evidence Panel
CISA KEV Listed in KEV
Patch Patch Available

THE CISA maintains the Known Exploited Vulnerabilities (KEV) Catalog, which helps organizations prioritize vulnerability management by listing exploited vulnerabilities. The catalog includes a specific vulnerability, CVE-2026-39808, affecting Fortinet FortiSandbox, allowing unauthorized code execution via crafted HTTP requests. Organizations are advised to apply mitigations according to vendor instructions and comply with CISA's BOD 26-04 guidance. The catalog can be accessed in multiple formats including CSV and JSON, and users can nominate new vulnerabilities for inclusion.

View Primary Source Via www.cisa.gov

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline