3 Recently Patched Fortinet FortiSandbox Vulnerabilities in Hacker Crosshairs

Three recently patched Fortinet FortiSandbox vulnerabilities are being targeted in the wild, according to exploit intelligence company Defused.

Defused’s honeypots have been seeing attempts to exploit CVE-2026-39808, CVE-2026-39813, and CVE-2026-25089.

CVE-2026-39813 and CVE-2026-39808 were both rated ‘critical severity’ and patched in April. The former allows an attacker to bypass authentication, while the latter is an OS command injection flaw that can be exploited to execute arbitrary code or commands.

CVE-2026-25089 was patched by Fortinet with its June 2026 Patch Tuesday updates. It allows a remote, unauthenticated attacker to execute arbitrary commands on vulnerable appliances.

Exploitation of CVE-2026-39808 was independently observed by KEVIntel on June 12. Both Defused and KEVIntel reported seeing attacks targeting CVE-2026-39813 on June 15.