Attackers are exploiting multiple Fortinet FortiSandbox flaws, including CVE-2026-39808 and CVE-2026-39813, after patches were released in April, with researchers observing active exploitation across several countries. The activity appears to involve multiple independent operators and could lead to broader attacks against trusted FortiSandbox environments and connected Fortinet devices. #Fortinet #FortiSandbox #CVE-2026-39808 #CVE-2026-39813 #CVE-2026-25089
Keypoints
- Attackers are exploiting Fortinet FortiSandbox vulnerabilities in the wild.
- CVE-2026-39808 and CVE-2026-39813 were patched in April, but exploitation continues.
- Researchers also observed attempts to exploit CVE-2026-25089.
- The activity included 49 exploitation events from 11 IPs across multiple countries.
- Compromise of FortiSandbox could give attackers elevated access into a sensitive security environment.
Read More: https://cyberscoop.com/fortinet-fortisandbox-vulnerabilities-exploits/