{"id":1329,"date":"2026-06-16T11:12:53","date_gmt":"2026-06-16T11:12:53","guid":{"rendered":"https:\/\/thedigitalfortress.us\/?p=1329"},"modified":"2026-06-16T11:12:53","modified_gmt":"2026-06-16T11:12:53","slug":"attackers-exploit-three-fortinet-fortisandbox-flaws-one-patched-last-week","status":"publish","type":"post","link":"https:\/\/thedigitalfortress.us\/?p=1329","title":{"rendered":"Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week"},"content":{"rendered":"<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">Ravie Lakshmanan<\/span><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">Jun 16, 2026<\/span><\/span><span class=\"p-tags\">Vulnerability \/ Threat Intelligence<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><a href=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEisozpc0YfCvHjGAyEZf7c1G10iEOgszA-mkIIrhG3A4VYcq8_Hih8U0hO66iBoDPPJZhfq7Dc3fGTsMLDiFiGSk6-xS7ltGORLe0_sC8VyhZHlfIkeGpOkMTcbQ0R7BeDtDmZFb-VB_GF3le8p0mx2ZMD-CLZb5eWlMJPiBhdu9ljzlh_E01hIon9dA-Y3\/s1700-e365\/Fortinet.png\" style=\"display: block;  text-align: center; clear: left; float: left;\"><\/a><\/div>\n<p>Bad actors are exploiting multiple security vulnerabilities in Fortinet FortiSandbox, according to threat intelligence firm Defused Cyber.<\/p>\n<p>In a post <a href=\"https:\/\/x.com\/DefusedCyber\/status\/2066575288503255274\">shared<\/a> on X, the company said it has observed exploitation of CVE-2026-39813, CVE-2026-39808, and CVE-2026-25089 over the past 24 hours.<\/p>\n<p>CVE-2026-39813 (CVSS score: 9.1) refers to a path traversal vulnerability in FortiSandbox JRPC API that could allow an unauthenticated attacker to bypass authentication via specially crafted HTTP requests.<\/p>\n<p>The second flaw, CVE-2026-39808 (CVSS score: 9.1), is a case of operating system command injection that could allow an unauthenticated attacker to execute unauthorized code or commands via crafted HTTP requests. Both vulnerabilities were patched by Fortinet in April 2026.<\/p>\n<div class=\"dog_two clear\">\n<div class=\"cf\"><a href=\"https:\/\/thehackernews.uk\/ai-cant-stop-d\" rel=\"nofollow noopener sponsored\" target=\"_blank\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"Cybersecurity\" src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjPEV6-530TOlxG6PjrmdlY623wpBwduZ7t1HV6flcmO5R4q4AmfixDUzW0CrhlvMVNWbhvOIso-UDNTka4W_W9Chrdj_dglwBZwi7DuePM2IMIl-hfUYVIqBXgfpr_2619K8Gptb4LzwJ6gUbi7lWl2M8AFQJsHEaw63Q7tZ6708YGruiHrr0Y2W9YYxLQ\/s728-e100\/ThreatLocker-d.png\" width=\"729\" height=\"91\"\/><\/a><\/div>\n<\/div>\n<p>CVE-2026-25089 (CVSS score: 9.1), on the other hand, was fixed last week, with Fortinet describing it as an operating system command injection impacting FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS WEB UI that could allow an unauthenticated attacker to execute unauthorized commands via specifically crafted HTTP requests.<\/p>\n<p>Defused Cyber noted that the exploit for CVE-2026-25089 not only shows signs of being developed using an artificial intelligence (AI) model, but is also faulty. A working exploit for the vulnerability has not been publicly disclosed.<\/p>\n<p>Vulnerabilities in Fortinet appliances have become a lightning rod for attackers in recent years. In April 2026, Fortinet released out-of-band patches for a critical security flaw impacting FortiClient EMS (CVE-2026-35616, CVSS score: 9.1) that it said has been exploited in the wild.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>\ue804Ravie Lakshmanan\ue802Jun 16, 2026Vulnerability \/ Threat Intelligence Bad actors are exploiting multiple security vulnerabilities in Fortinet FortiSandbox, according to threat intelligence firm Defused Cyber. In a post shared on X,&hellip;<\/p>\n","protected":false},"author":1,"featured_media":1330,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[622,120,11,1075,2059,1707,2060],"class_list":["post-1329","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-attackers","tag-exploit","tag-flaws","tag-fortinet","tag-fortisandbox","tag-patched","tag-week"],"_links":{"self":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/1329","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1329"}],"version-history":[{"count":0,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/1329\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/media\/1330"}],"wp:attachment":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1329"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1329"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1329"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}