Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week

Summary

Attackers are actively exploiting three vulnerabilities in Fortinet FortiSandbox, one of which was patched last week. The exploited vulnerabilities are CVE-2026-39813, a path traversal flaw in the JRPC API, and two others, CVE-2026-39808 and CVE-2026-25089. The firm Defused Cyber reported observing exploitation attempts over the past 24 hours.

IFF Assessment

FOE

The article details active exploitation of vulnerabilities, indicating a direct threat to systems and data, which is detrimental to defenders.

Severity

9.8 Critical

The article explicitly states a CVSS score of 9.1 for CVE-2026-39813, a critical-severity flaw that attackers are actively exploiting.

Defender Context

This article highlights active exploitation of critical Fortinet FortiSandbox vulnerabilities, emphasizing the need for immediate patching and vigilance. Defenders should prioritize updating their FortiSandbox deployments to mitigate the identified risks and monitor for any suspicious activity related to these CVEs. The fact that one vulnerability was patched last week but is still being exploited underscores the challenge of rapid patch deployment in real-world scenarios.
