🔴 Critical | Source: CISA Known Exploited Vulnerabilities
A critical OS command injection vulnerability in Fortinet FortiSandbox allows an unauthenticated attacker to execute arbitrary commands on the affected system by sending specially crafted HTTP requests. This requires no prior authentication, significantly lowering the bar for exploitation. CISA has confirmed active exploitation in the wild, making immediate remediation essential.
Security Architect’s Take: Audit your estate for any internet-exposed FortiSandbox instances and apply Fortinet’s patch immediately — CISA’s remediation deadline is 19 July 2026. As an interim measure, restrict management interface access to trusted IP ranges via network ACLs or firewall rules to reduce the attack surface.
Original advisory: CVE-2026-39808: Fortinet FortiSandbox