Attackers are actively exploiting multiple critical Fortinet FortiSandbox vulnerabilities, including CVE-2026-39813, CVE-2026-39808, and CVE-2026-25089, which can enable privilege escalation and remote code execution without user interaction. Fortinet has issued patches, while CISA and Defused warn that Fortinet flaws continue to be attractive targets for ransomware and espionage campaigns. #Fortinet #FortiSandbox #CVE-2026-39813 #CVE-2026-39808 #CVE-2026-25089 #CVE-2026-21643 #CVE-2026-26083 #CVE-2025-61624 #CISA #Defused
Keypoints
- Multiple critical FortiSandbox vulnerabilities are being actively exploited.
- The flaws can lead to privilege escalation and remote code execution.
- Fortinet released security updates on April 14 for CVE-2026-39813, CVE-2026-39808, and CVE-2026-25089.
- Admins must upgrade affected FortiSandbox deployments to the latest versions to block attacks.
- CISA says Fortinet products have a long history of exploitation, including abuse by ransomware groups.