Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week

Attackers are actively exploiting three vulnerabilities in Fortinet FortiSandbox appliances, as reported by threat intelligence firm Defused Cyber. The firm observed exploitation attempts for CVE-2026-39813, CVE-2026-39808, and CVE-2026-25089 within the past 24 hours. CVE-2026-39813, a path traversal vulnerability in the FortiSandbox JRPC API with a critical CVSS score of 9.1, is among the exploited flaws. Fortinet released a patch for CVE-2026-39813 just last week, indicating that many systems may still be vulnerable. The other two vulnerabilities, CVE-2026-39808 and CVE-2026-25089, also pose significant security risks to FortiSandbox deployments. The exploitation of these vulnerabilities highlights the ongoing threat landscape for network security devices and the importance of timely patching.