Fortinet's FortiSandbox, a security appliance that detonates and inspects suspicious files before they reach the rest of the network, is now under active attack through three unauthenticated vulnerabilities, all rated 9.1 out of 10 on the industry severity scale. The threat intelligence firm Defused says it observed exploitation begin "over the weekend," and Fortinet has declined to comment on whether it has independently seen the same activity.
Two of the three flaws were patched in April, but the attacks are only surfacing now, leaving defenders who deferred upgrades with a roughly two-month exposure window that patching alone can no longer close. Those defenders may need to look back through their logs, not just forward.
The three CVEs are CVE-2026-39813, CVE-2026-39808, and CVE-2026-25089. All three are rated 9.1 on the CVSS scale and all three can be triggered over the network without credentials. According to The Register's reporting on the disclosure, Defused is the firm reporting active in-the-wild exploitation, and that claim has not been independently corroborated.
CVE-2026-39813 is a path-traversal bug in FortiSandbox's JRPC API, an internal interface used to talk to the sandbox engine. Path traversal lets a crafted request escape its intended directory and reach sensitive parts of the device; here it lets an unauthenticated attacker bypass authentication with a crafted HTTP request. It was discovered by Fortinet security analyst Loic Pantano and patched in April. The bug affects FortiSandbox 4.4.0 through 4.4.8 and 5.0.0 through 5.0.5; the fix is in 4.4.9 and 5.0.6 and later.
CVE-2026-39808 is an OS command injection in FortiSandbox, a bug that lets an attacker run operating-system commands on the device, and it allows unauthenticated remote code execution via HTTP. It was also patched in April. It was discovered and reported by Samuel de Lucas Maroto of KPMG Spain. The bug affects FortiSandbox 4.4.0 through 4.4.8; the fix is in 4.4.9 and later. FortiSandbox 5.0 is not affected by this CVE.
CVE-2026-25089 is another OS command injection flaw in FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS that allows unauthenticated attackers to execute unauthorized commands via specifically crafted HTTP requests. It was patched last week, the week of June 9, 2026, which narrows the exposure window but raises its own near-zero-day question. Defenders who applied last week's fix should still check for evidence of probing in the days just before patching.
At the time of disclosure, Fortinet said it had received no reports of active exploitation for any of these bugs. That stance is now in tension with Defused's report. Fortinet did not respond when asked whether it has since observed attacks against the same flaws.
This is the latest in a string of Fortinet sandbox, endpoint management, and firewall bugs that have been hit by attackers as zero-days or near-zero-days, a pattern the security community has been tracking for months. The fact that two of the three newly exploited flaws were patched in April is what gives this round operational urgency. Defenders who followed Fortinet's "no exploitation" guidance at disclosure and deprioritized upgrades now have to consider whether their FortiSandbox appliances were probed in May or early June, not just whether they are vulnerable today.
What to do this week, in order:
- Patch first by branch. If you are on FortiSandbox 4.4.x, move to 4.4.9 or later. If you are on 5.0.x, move to 5.0.6 or later. CVE-2026-25089, patched last week, is the freshest fix, and any appliance that has not yet received it should be treated as a priority. FortiSandbox Cloud and PaaS users on the 5.0.x branch should also update to 5.0.6 or later.
- Grep your logs for HTTP traffic against the JRPC API routes associated with CVE-2026-39813. Any successful request to those endpoints, or any request that includes path-traversal patterns such as ../ or URL-encoded variants, between April and now, on a FortiSandbox reachable from an untrusted network, is reason to escalate.
- Decide whether to treat any internet-exposed or untrusted-network-adjacent FortiSandbox instance as compromised. Patching closes the hole going forward, but it does not tell you what an attacker who reached the appliance in May or June did once inside. Pull network flow logs, look for outbound connections from the FortiSandbox to unfamiliar hosts, and review any administrative accounts created on the device during the exposure window.
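The log-review step above, as an added example that is not from the article or from Fortinet: it scans exported access-log lines for the exposure window, flags successful requests to the suspect routes and any request whose path contains a dot-dot segment after repeated percent-decoding (so single- and double-encoded variants are caught). The route prefix, the log line format and the sample lines are all constructed assumptions; substitute the routes named in Fortinet's advisory and your appliance's real log format.

```python
import re
from datetime import datetime
from urllib.parse import unquote
# Placeholder: substitute the JRPC API route prefixes named in Fortinet's advisory (assumption).
SUSPECT_ROUTE_PREFIXES = ("/jrpc/",)
WINDOW_START = datetime(2026, 4, 1)  # exposure window opens with the April patches

# Common-Log-Format style access line (assumed format; adapt to the appliance's real log export).
LOG_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) \S+" (?P<status>\d{3})')

# Constructed sample lines: one traversal attempt, one plain hit, one pre-window probe, two benign.
SAMPLE_LOG = """\
203.0.113.7 - - [14/May/2026:03:12:41 +0000] "GET /jrpc/..%2f..%2fdata/config HTTP/1.1" 200 512
203.0.113.7 - - [14/May/2026:03:12:43 +0000] "POST /jrpc/ HTTP/1.1" 200 88
198.51.100.5 - - [02/Mar/2026:10:00:00 +0000] "GET /jrpc/%252e%252e%252fconfig HTTP/1.1" 403 0
192.0.2.9 - - [10/Jun/2026:12:00:00 +0000] "GET /static/app.js HTTP/1.1" 200 4096
192.0.2.9 - - [11/Jun/2026:12:00:00 +0000] "GET /jrpc/status HTTP/1.1" 401 0
""".splitlines()

def decode_fully(path, rounds=3):
    # Percent-decode repeatedly so double-encoded traversal (%252e%252e%252f) is not missed.
    for _ in range(rounds):
        path, prev = unquote(path), path
        if path == prev:
            break
    return path

def has_traversal(path):
    # Normalise backslashes too, then look for a dot-dot segment anywhere in the decoded path.
    decoded = decode_fully(path).replace("\\", "/")
    return "../" in decoded or decoded.endswith("/..")

def scan_access_log(lines):
    # Returns (src, timestamp, path, status, reason) for every line worth escalating.
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not parse rather than fail the whole scan
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").replace(tzinfo=None)
        if ts < WINDOW_START:
            continue  # outside the exposure window
        path, reasons = m["path"], []
        if path.startswith(SUSPECT_ROUTE_PREFIXES) and m["status"].startswith("2"):
            reasons.append("successful request to suspect route")
        if has_traversal(path):
            reasons.append("path traversal pattern")
        if reasons:
            findings.append((m["src"], m["ts"], path, m["status"], "; ".join(reasons)))
    return findings
```

A 4xx on the suspect route with no traversal pattern (the last sample line) is deliberately not flagged on its own; widen the status test if your exposure posture warrants it.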
For organizations that patched in April, the immediate question is whether the appliance ever saw an exploitation attempt during the two-month window. For organizations that did not, the immediate question is whether it has already been owned.