9.1 CVSS
Across all three FortiSandbox CVEs: maximum critical rating
3 CVEs
Simultaneously exploited in a single security product, zero authentication required
7 days
From CVE-2026-25089 patch release to confirmed active exploitation in the wild
0 privileges
Required for any of the three attack chains: fully unauthenticated exploitation

SponsoredRetool

Retool's new app builder is where AI-generated code ships safely

Building apps with AI is easy. Getting them to production safely is another story.

Start building for free today

CVE-2026-39813 (CVSS 9.1) is under active exploitation today alongside two companion FortiSandbox unauthenticated RCE flaws, CVE-2026-39808 and CVE-2026-25089, all requiring zero authentication to exploit. Threat intelligence firm Defused Cyber confirmed active attacks against all three vulnerabilities within the past 24 hours as of June 16, 2026.

FortiSandbox is the malware analysis engine at the core of the Fortinet Security Fabric. It receives suspicious files forwarded by FortiGate firewalls, FortiMail email security gateways, and FortiProxy web proxies, detonates them in an isolated environment, and returns a verdict that downstream controls act on. CVE-2026-39813 exploits a path traversal flaw in the FortiSandbox JRPC API to bypass authentication without any credentials. CVE-2026-39808 chains that access into OS command injection via crafted HTTP requests, achieving remote code execution. CVE-2026-25089 provides a parallel attack path through the FortiSandbox Web UI that also reaches FortiSandbox Cloud and PaaS deployments.

All three flaws have patches available. CVE-2026-39813 and CVE-2026-39808 received fixes in April 2026 with versions 4.4.9 and 5.0.6. CVE-2026-25089 was patched just seven days ago, on June 9, 2026, and active exploitation was confirmed within that same week. Any FortiSandbox appliance on versions 4.4.0 through 4.4.8 or 5.0.0 through 5.0.5 with management interfaces reachable from untrusted networks must be treated as an emergency patch priority today.

How Does FortiSandbox Unauthenticated RCE Work?

FortiSandbox unauthenticated RCE proceeds through two distinct attack paths that threat actors are currently chaining in active campaigns. The primary path exploits CVE-2026-39813, a path traversal vulnerability (CWE-24) in the FortiSandbox JRPC API. Attackers insert directory traversal sequences into HTTP request path parameters, tricking the API into processing the request outside the authenticated code path. No valid credentials are required at any stage of this bypass.

With authentication bypassed via CVE-2026-39813, CVE-2026-39808 takes over. This OS command injection vulnerability exists in the same HTTP request processing layer and allows the attacker to embed shell commands inside crafted HTTP requests. FortiSandbox processes these commands with elevated privileges, yielding full remote code execution as a high-privileged system user. Security researcher Samuel de Lucas Maroto of KPMG Spain discovered both CVE-2026-39808 and CVE-2026-39813, with Fortinet disclosing and patching them on April 14, 2026 (FortiGuard Labs advisory FG-IR-26-112).

CVE-2026-25089 offers a separate route targeting the FortiSandbox Web UI interface rather than the JRPC API. An unauthenticated attacker sends a specially crafted HTTP request to the web interface and the appliance executes injected system commands without requiring any authentication token. This third vulnerability affects FortiSandbox Cloud and FortiSandbox PaaS deployments in addition to on-premises hardware appliances, widening the attack surface to cloud-managed instances. The flaw covers FortiSandbox 4.2 all versions, a branch with no minor-version patch available.

Defused Cyber noted that one exploit sample for CVE-2026-25089 shows signs of being developed using an AI model, based on its coding structure and patterns. The sample is functionally faulty, but its existence confirms that attackers are using AI code generation to accelerate PoC development. This mirrors the AI-assisted exploit pattern documented in the Check Point VPN CVE-2026-50751 authentication bypass campaign from earlier this month.

The attack requires no prior foothold, no credentials, and no user interaction. Any FortiSandbox management interface reachable from the internet or from a compromised internal segment is a valid unauthenticated target.

Which FortiSandbox Versions Are at Risk?

CVE-2026-39813 (path traversal authentication bypass) affects FortiSandbox 4.4.0 through 4.4.8 and 5.0.0 through 5.0.5. CVE-2026-39808 (OS command injection via HTTP) affects versions 4.4.0 through 4.4.8. CVE-2026-25089 (Web UI command injection) covers the widest range: FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4 through 5.0.5, and FortiSandbox PaaS 5.0.4 through 5.0.5.

Organizations on the FortiSandbox 4.2 branch face a specific challenge: CVE-2026-25089 affects all 4.2 releases and there is no 4.2 patch available. Any 4.2 deployment requires an upgrade to the 4.4 or 5.0 branch as the remediation path, not a minor version update within the same branch.

The scope of risk extends well beyond the appliance itself. FortiSandbox sits at the center of the Fortinet Security Fabric and acts as the verdict engine for downstream security controls. A compromised FortiSandbox can return clean verdicts for malicious files, allowing malware to pass through FortiGate firewalls, FortiMail email gateways, and FortiProxy web proxies without triggering a block. Attackers who compromise the sandbox gain the ability to blind the entire detection stack silently.

Research by KPMG Spain identified financial institutions operating under SAMA regulatory frameworks as consistently targeted, given the prevalence of standardized Fortinet stack deployments in that sector. Healthcare, critical infrastructure, and government organizations with Fortinet-centric security architectures carry similar exposure profiles.

Internal-only deployments with strict network ACLs limiting management interface access to jump hosts and administration VLANs have reduced but not eliminated exposure. Attackers who have achieved lateral movement can pivot to reach sandbox management APIs from internal segments, particularly in flat network architectures where security appliance management ports share routing with workstation networks.

Free daily briefing

Briefings like this, every morning before 9am.

Threat intel, active CVEs, and campaign alerts, distilled for practitioners. 50,000+ subscribers. No noise.

Why Attackers Target Security Appliances Specifically

The FortiSandbox exploitation campaign follows a deliberate playbook: compromise the security tooling before attacking the environment it protects. Gaining execution on a sandbox appliance gives attackers visibility into what the organization flags as suspicious, the ability to whitelist their own malware families in future scans, and the capacity to eliminate the detection layer before staging the primary intrusion.

Fortinet products have been targeted persistently throughout 2025 and 2026. CISA's June 2026 patch priority directive flagged multiple Fortinet vulnerabilities alongside Palo Alto PAN-OS and Microsoft Defender flaws in CISA's June 2026 patch deadline advisory, reinforcing that security appliance vendors represent a recurring structural weak point in enterprise defense architectures.

The three-CVE simultaneous exploitation pattern is informative about patch compliance rates. CVE-2026-39813 and CVE-2026-39808 were patched in April 2026, giving organizations eight weeks to apply those fixes. Active exploitation occurring in June against those same flaws demonstrates that a significant share of the installed base has not patched, likely due to operational friction in scheduling maintenance windows for production security appliances or treating sandbox products as lower-priority than firewalls and VPN concentrators.

The seven-day exploitation window for CVE-2026-25089 (patched June 9, confirmed exploited by June 16) is a sharp data point. For CVSS 9.1 vulnerabilities in internet-facing security products, organizations effectively have no grace period before exploitation begins. Threat actors monitor Fortinet advisories and deploy PoC code faster than most organizations can schedule a change window.

Defused Cyber has not attributed this campaign to a specific threat actor. The AI-assisted exploit development observed in the CVE-2026-25089 sample is consistent with sophisticated criminal groups and nation-state affiliated actors who routinely use AI code generation to compress the time from public disclosure to first exploitation.

Attackers exploited CVE-2026-39813, CVE-2026-39808, and CVE-2026-25089 in FortiSandbox within 24 hours of active tracking. All three require zero authentication. Any exposed appliance must be treated as an emergency patch priority today.

Defused Cyber Threat Intelligence, June 16, 2026

Indicators to Hunt Across Your FortiSandbox Environment

No threat actor infrastructure (C2 IP addresses, malware domains, or payload file hashes) has been publicly attributed to this FortiSandbox exploitation campaign as of June 16, 2026. Defused Cyber's observation of active exploitation in the past 24 hours reflects early-stage scanning and exploitation activity rather than a mature campaign with established indicator trails. Defenders should focus on behavioral indicators until attribution matures.

Review FortiSandbox access logs for HTTP requests targeting the JRPC API endpoint that contain directory traversal sequences in path parameters. Patterns to look for include ../ sequences, URL-encoded equivalents (%2e%2e%2f), and double-encoded variants (%252e%252e%252f). Any such requests arriving from IP addresses outside the designated management network range should be treated as exploitation attempts and investigated immediately.

For CVE-2026-25089 (Web UI attack vector), examine HTTP POST requests to the FortiSandbox web interface. Requests containing shell metacharacters in parameter values (semicolons, pipe characters, backticks, dollar signs with command substitution syntax) indicate command injection attempts. Unexpected process spawning from the web server process in system-level logs is a strong indicator of successful command injection execution.

Fortinet recommends reviewing access logs from March 31, 2026 onward for retroactive evidence of exploitation. CVE-2026-39813 and CVE-2026-39808 existed as undetected vulnerabilities before the April 2026 public disclosure, meaning successful exploitation may have occurred before patches were released. Unexplained administrative access, configuration changes, or anomalous verdict patterns from that window should be escalated to incident response.

Remediation: Upgrade FortiSandbox to 5.0.6 or 4.4.9 Today

Upgrading to a patched version is the only complete remediation for all three CVEs. No workaround eliminates all three attack vectors simultaneously.

Subscribe to unlock Remediation & Mitigation steps

Free subscribers unlock full IOC lists, Sigma detection rules, remediation steps, and every daily briefing.

Why FortiSandbox Unauthenticated RCE Demands Immediate Action

The FortiSandbox unauthenticated RCE campaign targets the detection infrastructure itself, not the endpoints or data it protects. When the sandbox verdict engine is compromised, every downstream security decision becomes unreliable: clean verdicts from a backdoored appliance allow malware through firewalls, email gateways, and web proxies that would otherwise block the same file. Security operations teams lose their ability to trust their own tooling, and threat actors gain the most valuable prize in an enterprise network: visibility into what triggers detection and what does not.

The three-CVE exploitation pattern also exposes a systemic failure in enterprise patch management. Eight weeks elapsed between the April 2026 patches for CVE-2026-39813 and CVE-2026-39808 and today's confirmed exploitation. The seven-day gap for CVE-2026-25089 is even more alarming: defenders had less than one business week to apply a CVSS 9.1 patch before active exploitation began against organizations that had not acted.

Organizations that have already established emergency patch protocols for unauthenticated RCE vulnerabilities, including those who responded to the NGINX Rift CVE-2026-42945 unauthenticated RCE earlier this year, should apply the same escalation framework here. Declare this an emergency change. Override standard change management timelines. Upgrade FortiSandbox to 4.4.9 or 5.0.6 before end of business today.

If patching today is operationally impossible, implement network-level ACLs restricting FortiSandbox management interface access to jump hosts and administration VLANs as an immediate partial mitigant. Schedule the patch for the earliest available maintenance window measured in hours, not days. Every hour an unpatched management interface remains reachable from an untrusted network is an hour that exploitation attempts are actively occurring against it.

The bottom line

FortiSandbox unauthenticated RCE via CVE-2026-39813 is under active exploitation today. Three CVSS 9.1 vulnerabilities in a single security product require zero authentication to exploit, including one flaw patched only seven days ago. First: upgrade to FortiSandbox 4.4.9 or 5.0.6 today using an emergency change process. Second: restrict management interface access to dedicated admin networks until patching completes. Third: audit FortiSandbox verdict logs from March 31, 2026 onward for signs of prior compromise and false-negative verdict manipulation.

This analysis is generic — the platform version scores threats like this against your own stack.

Frequently asked questions

What is CVE-2026-39813 in Fortinet FortiSandbox?

CVE-2026-39813 is a path traversal vulnerability (CWE-24) in the FortiSandbox JRPC API rated CVSS 9.1 Critical. It allows an unauthenticated remote attacker to bypass authentication by sending specially crafted HTTP requests containing directory traversal sequences. No credentials, privileges, or user interaction are required to exploit it. Fortinet patched CVE-2026-39813 in April 2026 with the release of FortiSandbox 4.4.9 and 5.0.6.

Is FortiSandbox CVE-2026-39813 being actively exploited right now?

Yes. Threat intelligence firm Defused Cyber confirmed active exploitation of CVE-2026-39813, CVE-2026-39808, and CVE-2026-25089 within the past 24 hours as of June 16, 2026. All three vulnerabilities require zero authentication, making any internet-exposed FortiSandbox appliance running affected versions an immediate target. The exploitation window opened within seven days of the most recent patch release for CVE-2026-25089.

How do attackers exploit the FortiSandbox path traversal flaw?

Attackers send HTTP requests to the FortiSandbox JRPC API containing directory traversal sequences such as ../ patterns in file path parameters. This causes the API to process the request outside the authenticated code path, bypassing the authentication gate entirely. Attackers then chain this with CVE-2026-39808, an OS command injection flaw in the same HTTP processing layer, to execute arbitrary commands on the appliance with elevated system privileges.

Which versions of FortiSandbox are affected by these CVEs?

CVE-2026-39813 affects FortiSandbox 4.4.0 through 4.4.8 and 5.0.0 through 5.0.5. CVE-2026-39808 affects versions 4.4.0 through 4.4.8. CVE-2026-25089 covers the widest scope: FortiSandbox 4.2 all versions, 4.4.0 through 4.4.8, 5.0.0 through 5.0.5, FortiSandbox Cloud 5.0.4 through 5.0.5, and FortiSandbox PaaS 5.0.4 through 5.0.5. Patched versions are 4.4.9 and 5.0.6 for on-premises deployments.

How do I patch CVE-2026-39813 in FortiSandbox?

Log in to the Fortinet Support Portal and navigate to Downloads, then Firmware Images, then FortiSandbox. Download and install version 4.4.9 if you are on the 4.4 branch, or 5.0.6 if you are on the 5.0 branch. If you are on FortiSandbox 4.2, there is no minor-version patch for CVE-2026-25089; contact Fortinet support for upgrade guidance to the 4.4 or 5.0 branch. Apply this as an emergency change and bypass standard change management timelines.

Can attackers chain CVE-2026-39813 and CVE-2026-39808 together?

Yes. CVE-2026-39813 (authentication bypass) and CVE-2026-39808 (command injection) are designed to chain: the path traversal flaw in the JRPC API first bypasses authentication, and the command injection vulnerability in the same HTTP processing layer then executes arbitrary OS commands. CVE-2026-25089 provides a separate parallel attack path through the Web UI that does not require CVE-2026-39813 and is a standalone unauthenticated RCE vector affecting cloud and PaaS deployments as well.

What happens if my FortiSandbox appliance is compromised?

A compromised FortiSandbox can manipulate malware analysis verdicts, returning clean results for malicious files and allowing malware to pass through every security control that relies on sandbox analysis. Downstream controls affected include FortiGate firewalls, FortiMail email security gateways, and FortiProxy web proxies. Attackers can also use the appliance as a pivot point within the security management network, access stored credentials, and modify detection rules. Any suspected compromise should be treated as a full security incident requiring immediate containment.

Is FortiSandbox Cloud affected by the CVE-2026-25089 vulnerability?

Yes. CVE-2026-25089 explicitly affects FortiSandbox Cloud versions 5.0.4 through 5.0.5 and FortiSandbox PaaS versions 5.0.4 through 5.0.5, in addition to on-premises hardware. Organizations using cloud or PaaS deployments must contact Fortinet support to confirm their patch status, since managed cloud instances require a different remediation pathway than the self-service firmware upgrade process for on-premises hardware.

Sources & references

  1. The Hacker News: Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week
  2. Fortinet PSIRT Advisory FG-IR-26-112 (CVE-2026-39813)
  3. Help Net Security: Fortinet fixes critical FortiSandbox vulnerabilities CVE-2026-39813 and CVE-2026-39808
  4. Security Affairs: Fortinet patched a new critical FortiSandbox flaw CVE-2026-25089
  5. BleepingComputer: Fortinet warns of critical RCE flaws in FortiSandbox and FortiAuthenticator

Free resources

25
Free download

Critical CVE Reference Card 2025–2026

25 actively exploited vulnerabilities with CVSS scores, exploit status, and patch availability. Print it, pin it, share it with your SOC team.

No spam. Unsubscribe anytime.

Free download

Ransomware Incident Response Playbook

Step-by-step 24-hour IR checklist covering detection, containment, eradication, and recovery. Built for SOC teams, IR leads, and CISOs.

No spam. Unsubscribe anytime.

Free newsletter

Get threat intel before your inbox does.

50,000+ security professionals read Decryption Digest for early warnings on zero-days, ransomware, and nation-state campaigns. Free, daily, no spam.

Unsubscribe anytime. We never sell your data.

Eric Bang
Author

Founder & Cybersecurity Evangelist, Decryption Digest

Cybersecurity professional with expertise in threat intelligence, vulnerability research, and enterprise security. Covers zero-days, ransomware, and nation-state operations for 50,000+ security professionals every morning.

Black Hat Giveaway

Win a $2,495 Black Hat pass.

Full-access to Black Hat USA 2026 in Las Vegas. Subscribe free to enter.

Joins Decryption Digest daily briefing. Unsubscribe anytime.

Giveaway: Black Hat USA 2026 Full-Access Pass ($2,495 value)

Details →
Daily Briefing

Subscribe to enter the giveaway

Every subscriber is automatically entered. You also get daily threat intel every morning: zero-days, ransomware, and nation-state campaigns. Free. No spam.

Already subscribed? You're already entered.

Giveaway

Win a $2,495 Black Hat USA 2026 pass.