Two critical FortiSandbox vulnerabilities, now confirmed under active exploitation and added to CISA's Known Exploited Vulnerabilities catalog, leave threat-detection appliances exposed to unauthenticated remote command execution. UK infrastructure buyers running FortiSandbox on-premises, in the cloud, or as PaaS should treat patching as immediate, not scheduled maintenance.
View the data behind this chart
| Phase | Starts (week) | Duration (weeks) |
|---|---|---|
| April patches: CVE-2026-3981… | 0 | 1 |
| 9 June patch for CVE-2026-25… | 8 | 1 |
| Active exploitation of all… | 9 | 1 |
| CISA adds two CVEs to KEV… | 14 | 2 |
What's actually happening
Attackers are actively exploiting two critical Fortinet FortiSandbox vulnerabilities, CVE-2026-39808 and CVE-2026-25089, both rated CVSS 9.1. Both are OS command injection flaws that let an unauthenticated attacker execute arbitrary commands via a specially crafted HTTP request — no credentials, no user interaction, no social engineering required. The flaws affect FortiSandbox, FortiSandbox Cloud and FortiSandbox PaaS WEB UI, meaning appliance owners, cloud tenants and PaaS customers are all in scope.
A third critical bug, CVE-2026-39813 (also CVSS 9.1), is a path traversal and authentication bypass in the FortiSandbox JRPC API, allowing unauthenticated attackers to read arbitrary files. Threat intelligence firm Defused reported observing exploitation of all three CVEs within a single 24-hour window, noting activity began over a weekend — a pattern that has become disturbingly familiar with edge security appliances.
The patch timeline UK teams need to understand
Fortinet's fix rollout happened in two stages, which matters for anyone auditing patch coverage. CVE-2026-39813 and CVE-2026-39808 were patched in April 2026, with fixes landing in FortiSandbox 4.4.9 and 5.0.6; at that point Fortinet reported no evidence of active exploitation. CVE-2026-25089 followed on 9 June 2026, closing the gap across FortiSandbox, FortiSandbox Cloud and FortiSandbox PaaS. It was only in mid-June that exploitation activity was first observed and reported publicly — meaning organisations that delayed either patch window are now sitting on appliances with confirmed, weaponised vulnerabilities.
CVSS 9.1 across the board: comparing the three flaws
All three FortiSandbox vulnerabilities carry the maximum practical severity rating short of a perfect score, but they differ in mechanism and exploit maturity. Understanding which is which helps prioritise verification during patch audits.

Why CISA's KEV listing matters even outside the US
CISA has added CVE-2026-39808 and CVE-2026-25089 to its Known Exploited Vulnerabilities catalog, which by policy confirms the agency holds evidence of active exploitation — though it rarely discloses how widespread that exploitation is or attributes it to specific actors. The KEV listing triggers a binding operational directive requiring US federal agencies to patch by a set deadline. UK organisations aren't bound by that directive, but the listing is a reliable, independently verified signal that these bugs are being weaponised now, not theoretically. Any UK buyer treating KEV inclusion as 'someone else's problem' is misreading what the catalog is actually telling them.
FortiSandbox appliances typically sit at a network's inspection chokepoint, analysing suspicious files and traffic — which makes an unauthenticated command injection there especially dangerous, since a compromised sandbox can become a pivot point into the very network it was meant to protect.
What UK infrastructure buyers should do now
Confirm FortiSandbox, FortiSandbox Cloud and FortiSandbox PaaS instances are running 4.4.9 or later (or 5.0.6 where applicable) and that the June 9 update covering CVE-2026-25089 has been applied — patch version alone doesn't guarantee all three fixes are present if updates were applied piecemeal. Teams managing broader Fortinet estates should learn more about Fortinet's security offerings to understand how sandbox appliances fit into wider FortiGate and FortiSandbox architectures, and should enhance your vulnerability management strategy to catch the gap between disclosure and patch deployment that attackers keep exploiting. Organisations running end-of-support or delayed-refresh sandbox hardware should also explore third-party maintenance for your Fortinet appliances to keep coverage current without waiting on a full refresh cycle.
Given that exploitation was detected within days of the final patch shipping, relying solely on vendor patch cadence is no longer sufficient. Buyers should consider managed detection and response (MDR) services to catch post-exploitation behaviour on sandbox appliances that may already have been probed before patches were applied.
The bigger picture for UK cyber resilience
This is another entry in a growing pattern of critical, unauthenticated, remotely exploitable flaws in perimeter and inspection appliances — the exact class of kit that's supposed to catch attackers, not admit them. For UK buyers, the practical lesson is that threat-detection infrastructure needs the same patch discipline, asset inventory and exploitation monitoring as any internet-facing firewall, and that a three-week gap between the final patch and confirmed in-the-wild exploitation is now a realistic threat window, not a hypothetical one.
- 01BleepingComputer — Attackers target critical FortiSandbox flaws as CISA issues patch order · 17 July 2026
- 02The Register — Attackers target critical FortiSandbox flaws as CISA issues patch order · 17 July 2026
- 03The Register — Three critical Fortinet sandbox bugs splattered by unknown attackers · 16 June 2026
- 04The Hacker News — Attackers exploit three Fortinet FortiSandbox flaws · 16 June 2026
- 05BleepingComputer — Critical Fortinet FortiSandbox flaws now exploited in attacks · 16 June 2026
- 06The Hacker News — Ivanti, Fortinet and SAP release patches · 9 June 2026
- 07The Hacker News — April Patch Tuesday fixes critical flaws · 14 April 2026
