CISA urges immediate action on actively exploited Fortinet flaws

CISA urges immediate action on actively exploited Fortinet flaws
CISA has ordered U.S. federal agencies to urgently patch two actively exploited critical vulnerabilities in Fortinet FortiSandbox, tracked as CVE-2026-39808 and CVE-2026-25089. Fortinet and Defused reported that attackers are already abusing the flaws in the wild, allowing unauthenticated remote code execution through low-complexity command injection attacks. #Fortinet #FortiSandbox #CVE-2026-39808 #CVE-2026-25089 #CISA

Keypoints

  • CISA added two FortiSandbox flaws to its known exploited vulnerabilities catalog.
  • The affected vulnerabilities are CVE-2026-39808 and CVE-2026-25089.
  • Fortinet says the issues can allow unauthenticated remote code execution.
  • Admins must upgrade all affected FortiSandbox deployments to the latest versions.
  • Federal agencies must patch the vulnerabilities by Sunday, July 19.

Read More: https://www.bleepingcomputer.com/news/security/cisa-warns-feds-to-patch-exploited-fortinet-fortisandbox-flaws-by-sunday/