The Hacker News web signal

Fortinet FortiSandbox Three CVSS 9.1 Bugs Exploited

cybersecurity active-exploitation fortinet vulnerability

Key insights

  • All three FortiSandbox flaws are rated CVSS 9.1 and allow unauthenticated attackers to execute commands via crafted HTTP requests against sandbox infrastructure.
  • CVE-2026-25089's only known public exploit is AI-generated and confirmed faulty, with no working public exploit currently available for that vulnerability.
  • Fortinet's FortiClient EMS (CVE-2026-35616, CVSS 9.1) also underwent emergency patching in April 2026 after confirmed active in-the-wild exploitation, forming a pattern of consecutive critical flaws.

Why this matters

Security sandboxes are the layer enterprises rely on to detonate and classify unknown malware; compromising FortiSandbox gives attackers a mechanism to pass malicious payloads through undetected, turning a defensive tool into a blind spot. Two of the three CVEs have had patches available since April 2026, meaning exploitation is landing on organizations that are at least two months behind on critical Fortinet updates, a gap that is increasingly the rule rather than the exception. The appearance of an AI-generated exploit attempt against the newest flaw signals that threat actors are accelerating weaponization timelines even when their tooling is imperfect, compressing the window defenders have to patch before a working exploit exists.

Summary

Defused Cyber confirmed active exploitation of three Fortinet FortiSandbox vulnerabilities, all CVSS 9.1, against the infrastructure organizations use to detonate and analyze suspicious files. CVE-2026-39813 (path traversal in the JRPC API, enabling an unauthenticated authentication bypass via crafted HTTP requests) and CVE-2026-39808 (OS command injection, enabling unauthenticated code execution via crafted HTTP requests) were both patched in April 2026 and are confirmed under active attack. CVE-2026-25089 affects the FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS WEB UI; it was patched only the week before this report, and its only known public exploit is AI-generated and confirmed faulty, with no working exploit publicly available. Essentially, per Fortinet and Defused Cyber, the security sandbox is itself the exploited layer.

  • No working public exploit exists for CVE-2026-25089, but the two older flaws are actively hitting unpatched sites.
  • Fortinet separately released emergency patches in April 2026 for CVE-2026-35616 in FortiClient EMS, also CVSS 9.1, after active in-the-wild exploitation.

Security teams running unpatched FortiSandbox are being compromised through the tools they rely on to catch threats.

Potential risks and opportunities

Risks

  • Organizations that have not applied Fortinet's April 2026 patches face confirmed active exploitation of CVE-2026-39813 and CVE-2026-39808, giving unauthenticated attackers command execution on the security sandbox layer.
  • If the AI-generated exploit for CVE-2026-25089 is corrected and weaponized, organizations that missed the most recent patch cycle face a third unauthenticated attack vector spanning FortiSandbox Cloud and PaaS WEB UI environments.
  • Fortinet's consecutive critical vulnerabilities (CVE-2026-35616 in April 2026, three FortiSandbox flaws now) increase regulatory scrutiny and vendor audit pressure for enterprises with Fortinet-heavy security stacks, particularly those with compliance obligations.

Opportunities

  • Competing sandbox vendors (Palo Alto WildFire, Any.run) can use Fortinet's repeated CVSS 9.1 critical-flaw pattern as a competitive differentiator in enterprise security RFPs, especially for FortiSandbox Cloud displacement conversations.
  • Patch management and vulnerability prioritization platforms (Tenable, Qualys, Rapid7) have a concrete upsell case at Fortinet-heavy enterprises demonstrably running two or more months behind on critical security patches.
  • MSSPs can target the window between Defused Cyber's June 2026 disclosure and broad organizational patch deployment to drive emergency FortiSandbox remediation and post-exploitation investigation engagements.

What we don't know yet

  • Which sectors or specific organizations are being actively targeted by CVE-2026-39813 and CVE-2026-39808 exploitation: no attribution or victim profile was disclosed by Defused Cyber.
  • Whether the AI-generated exploit for CVE-2026-25089 is being refined toward functionality: the report confirms it is faulty but does not assess how close to working it currently is.
  • How many FortiSandbox deployments globally remain unpatched against the April 2026 fixes two months after release: no patch adoption rate or exposure scope was reported.