CRITICAL ⚡ MUST-KNOW
Attackers Exploit Three Fortinet FortiSandbox Flaws Including CVSS 9.1
Threat intelligence firm Defused Cyber confirmed active exploitation of three Fortinet FortiSandbox vulnerabilities within the past 24 hours: CVE-2026-39813 (CVSS 9.1, path traversal in the JRPC API), CVE-2026-39808, and CVE-2026-25089. One of the three was patched only last week, leaving virtually no remediation window before exploitation began. FortiSandbox is Fortinet’s advanced threat detection sandbox used in enterprise environments to analyze suspicious files and network traffic. The CVSS 9.1 path traversal flaw could allow remote attackers to access sensitive files or execute arbitrary code. Organizations running FortiSandbox should apply the latest patches immediately and review logs for indicators of compromise from the past week.