Fortinet FortiSandbox multi-CVE exploitation wave
Exploitation Wave
Summary
Hide ▲
Show ▼
Fortinet FortiSandbox is facing an active exploitation wave that puts affected deployments at risk of unauthenticated remote code execution and privilege escalation. Defused said attackers are exploiting multiple critical vulnerabilities, including CVE-2026-39813, CVE-2026-39808, and CVE-2026-25089. The activity was observed during the past 24 hours, and Fortinet had already released fixes on April 14. Administrators need to move to the latest released versions to block incoming attacks.
Related Happenings
FortiSandbox unauthenticated command injection (CVE-2026-25089)
Vulnerability
H score47
First: 16.06.2026 13:30
Last: 16.06.2026 13:30
Sources 1
How related:
CVE-2026-25089 (CVSS score: 9.1), on the other hand, was fixed last week, with Fortinet describing it as an operating system command injection impacting FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS WEB UI that could allow an unauthenticated attacker to execute unauthorized commands via specifically crafted HTTP requests.
About this happening:
**CVE-2026-25089** is an **unauthenticated operating system command injection** in **FortiSandbox**-related products that was seen in **active exploitation** over the **past 24 ho...
FortiSandbox unauthenticated command injection (CVE-2026-25089)
VulnerabilityHow related: CVE-2026-25089 (CVSS score: 9.1), on the other hand, was fixed last week, with Fortinet describing it as an operating system command injection impacting FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS WEB UI that could allow an unauthenticated attacker to execute unauthorized commands via specifically crafted HTTP requests.
About this happening: **CVE-2026-25089** is an **unauthenticated operating system command injection** in **FortiSandbox**-related products that was seen in **active exploitation** over the **past 24 ho...
Fortinet security patch release for CVE-2026-39813
Security Patch Release
H score41
First: 16.06.2026 12:19
Last: 16.06.2026 12:19
Sources 1
How related:
Fortinet released security updates for these three critical-severity security flaws (tracked as CVE-2026-39813, CVE-2026-39808, and CVE-2026-25089) on April 14.
About this happening:
**Fortinet** released **April 14** security updates for **FortiSandbox**, covering **CVE-2026-39813**, **CVE-2026-39808**, and **CVE-2026-25089**. The patch release fixes **three...
Fortinet security patch release for CVE-2026-39813
Security Patch ReleaseHow related: Fortinet released security updates for these three critical-severity security flaws (tracked as CVE-2026-39813, CVE-2026-39808, and CVE-2026-25089) on April 14.
About this happening: **Fortinet** released **April 14** security updates for **FortiSandbox**, covering **CVE-2026-39813**, **CVE-2026-39808**, and **CVE-2026-25089**. The patch release fixes **three...
FortiClient EMS CVE-2026-35616 exploitation wave
Exploitation Wave
H score56
First: 28.05.2026 18:26
Last: 28.05.2026 18:26
Sources 1
About this happening:
**CVE-2026-35616** exploitation in **FortiClient Enterprise Management Server (EMS)** is being used to deliver the undocumented credential stealer **EKZ**. Attackers are abusing u...
FortiClient EMS CVE-2026-35616 exploitation wave
Exploitation WaveAbout this happening: **CVE-2026-35616** exploitation in **FortiClient Enterprise Management Server (EMS)** is being used to deliver the undocumented credential stealer **EKZ**. Attackers are abusing u...
Ivanti security patch release for CVE-2026-8043
Security Patch Release
H score25
First: 18.05.2026 13:54
Last: 18.05.2026 13:54
Sources 1
About this happening:
**Ivanti, Fortinet, SAP, Broadcom, and n8n** released **security fixes** on **2026-05-18** for flaws that could enable **authentication bypass**, **remote code execution**, **SQL...
Ivanti security patch release for CVE-2026-8043
Security Patch ReleaseAbout this happening: **Ivanti, Fortinet, SAP, Broadcom, and n8n** released **security fixes** on **2026-05-18** for flaws that could enable **authentication bypass**, **remote code execution**, **SQL...
Fortinet security patch release for CVE-2026-44277
Security Patch Release
H score50
First: 12.05.2026 21:23
Last: 12.05.2026 21:23
Sources 1
About this happening:
Fortinet released **security updates** for **FortiSandbox** and **FortiAuthenticator** to fix **two critical vulnerabilities** that could let an **unauthenticated attacker** execu...
Fortinet security patch release for CVE-2026-44277
Security Patch ReleaseAbout this happening: Fortinet released **security updates** for **FortiSandbox** and **FortiAuthenticator** to fix **two critical vulnerabilities** that could let an **unauthenticated attacker** execu...
Timeline
-
16.06.2026 12:19 1 articles · 1h ago
Fortinet releases April 14 fixes for critical FortiSandbox vulnerabilities
Mitigation Patch UpdateFortinet released security updates for CVE-2026-39813, CVE-2026-39808, and CVE-2026-25089 in FortiSandbox on April 14, addressing critical flaws that can let unauthenticated attackers escalate privileges and execute unauthorized code remotely through low-complexity command injection.
Show sources
- Critical Fortinet FortiSandbox flaws now exploited in attacks — www.bleepingcomputer.com — 16.06.2026 12:19
-
16.06.2026 12:19 3 articles · 1h ago
Defused reports active exploitation of Fortinet FortiSandbox vulnerabilities
Initial DisclosureDefused said attackers were actively exploiting multiple Fortinet FortiSandbox vulnerabilities during the past 24 hours, including CVE-2026-39813, CVE-2026-39808, and CVE-2026-25089. The firm noted that CVE-2026-39813 had no previous recorded exploitation and that a working exploit for CVE-2026-25089 had not yet been publicly disclosed.
Show sources
- Critical Fortinet FortiSandbox flaws now exploited in attacks — www.bleepingcomputer.com — 16.06.2026 12:19
- Critical Fortinet FortiSandbox flaws now exploited in attacks — www.bleepingcomputer.com — 16.06.2026 12:19
- Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week — thehackernews.com — 16.06.2026 13:30