Attackers exploit three Fortinet sandbox flaws after patches ship
#Vulnerabilities

Privacy Reporter
Unknown attackers are exploiting three FortiSandbox bugs that let them bypass login, gain privileges, and run commands over HTTP.

Unknown attackers are exploiting three critical Fortinet sandbox flaws after Fortinet shipped fixes in April and June, threat intelligence firm Defused said.

The bugs affect FortiSandbox, a Fortinet product that helps organizations detonate suspicious files and URLs before staff open them. Attackers who reach exposed FortiSandbox systems can use the flaws to bypass authentication, escalate privileges, or execute commands.

Fortinet assigned each flaw a 9.1 CVSS score. The company told customers at patch time that it had no attack reports. Defused said Monday that its researchers saw exploitation during the previous 24 hours.

Security teams should treat the bugs as urgent because attackers do not need valid credentials for the command execution paths. Fortinet customers can check advisories through the FortiGuard PSIRT portal and move affected systems to fixed versions.

CVE-2026-39813 covers a path traversal flaw in the FortiSandbox JRPC API. Attackers can send crafted HTTP requests and bypass authentication. The bug affects FortiSandbox 4.4.0 through 4.4.8 and 5.0.0 through 5.0.5. Fortinet fixed it in 4.4.9 and 5.0.6. Fortinet security analyst Loic Pantano found the flaw.

CVE-2026-39808 covers OS command injection in FortiSandbox. Attackers can send HTTP requests and execute commands without logging in. The bug affects FortiSandbox 4.4.0 through 4.4.8. Fortinet fixed it in 4.4.9. Fortinet credited KPMG Spain researcher Samuel de Lucas Maroto for the report.

CVE-2026-25089 covers another OS command injection flaw in FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS web UI. Attackers can send crafted HTTP requests and run commands. The bug affects FortiSandbox 4.4.0 through 4.4.8 and 5.0.0 through 5.0.5, plus FortiSandbox Cloud 5.0.4 through 5.0.5 and FortiSandbox PaaS 5.0.4 through 5.0.5.

Fortinet patched CVE-2026-39813 and CVE-2026-39808 in April. The company patched CVE-2026-25089 last week. Defused said researchers had not seen a working public exploit for CVE-2026-25089, and the exploit code they reviewed appeared flawed.

How much risk an organization faces depends on where it runs FortiSandbox and who can reach it. A sandbox often sits near email, web, and file inspection workflows. An attacker who compromises it may gain a foothold next to security tooling that defenders trust.

Companies should upgrade affected FortiSandbox systems, restrict access to management and API endpoints, review HTTP logs for crafted requests, and check whether attackers created new accounts, changed privileges, or launched commands. Teams that run cloud or PaaS versions should confirm their tenant version and ask Fortinet for attack indicators tied to CVE-2026-25089.
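To make the "confirm your version" step concrete, here is an added example (not code from the article, Fortinet, or Defused) that maps an installed FortiSandbox build to the CVEs whose affected ranges the article lists and to the first fixed release where the article states one. The product names and version ranges come from the text above; the fixed build for CVE-2026-25089 is not given in the article, so the example leaves it empty.

```python
# Added example: check a FortiSandbox build against the affected ranges
# and fixed releases quoted in the article. Not Fortinet's own tooling.
from dataclasses import dataclass
from typing import Optional

def parse_version(s: str) -> tuple:
    """Turn '5.0.3' into (5, 0, 3) so releases compare numerically, not as text."""
    parts = s.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {s!r}")
    return int(parts[0]), int(parts[1]), int(parts[2])

@dataclass(frozen=True)
class Advisory:
    cve: str
    # product -> inclusive (first affected, last affected) ranges from the article
    affected: dict
    # release train ("4.4", "5.0") -> first fixed build; empty where none is stated
    fixed: dict

ADVISORIES = (
    Advisory("CVE-2026-39813",
             {"FortiSandbox": (("4.4.0", "4.4.8"), ("5.0.0", "5.0.5"))},
             {"4.4": "4.4.9", "5.0": "5.0.6"}),
    Advisory("CVE-2026-39808",
             {"FortiSandbox": (("4.4.0", "4.4.8"),)},
             {"4.4": "4.4.9"}),
    Advisory("CVE-2026-25089",
             {"FortiSandbox": (("4.4.0", "4.4.8"), ("5.0.0", "5.0.5")),
              "FortiSandbox Cloud": (("5.0.4", "5.0.5"),),
              "FortiSandbox PaaS": (("5.0.4", "5.0.5"),)},
             {}),  # fixed build not stated in the article; check the PSIRT advisory
)

def exposure(product: str, version: str) -> list:
    """Return (CVE, first fixed build or None) for every advisory whose listed
    range covers this product at this version; an empty list means no match."""
    v = parse_version(version)
    train = f"{v[0]}.{v[1]}"
    hits = []
    for adv in ADVISORIES:
        for low, high in adv.affected.get(product, ()):
            if parse_version(low) <= v <= parse_version(high):
                hits.append((adv.cve, adv.fixed.get(train)))
                break  # one matching range per advisory is enough
    return hits

if __name__ == "__main__":
    for prod, ver in (("FortiSandbox", "4.4.7"), ("FortiSandbox Cloud", "5.0.4")):
        print(prod, ver, exposure(prod, ver) or "no listed CVE applies")
```

A `None` fix entry means the article names no fixed build for that CVE on that train, so the PSIRT advisory is the place to confirm the target version.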

The bugs carry no direct GDPR or CCPA fine by themselves. Regulators care about the breach that can follow. If attackers use these flaws to reach personal data, companies may need to notify users and regulators under the EU General Data Protection Regulation, the California Consumer Privacy Act, and state breach notification laws.

Fortinet did not answer The Register's questions about whether it had observed attacks. Defused's report leaves one point clear for customers: attackers have moved from advisory text to exploitation, and unpatched FortiSandbox systems give them a direct HTTP path into high-value infrastructure.
