Incident & Breach Response
,
Security Operations
Agencies Have Until Sunday to Patch Two Critical Command Injection Flaws

The Fortinet patching frenzy continues: The U.S. Cybersecurity and Infrastructure Security Agency added a pair of flaws to the firewall maker’s threat detection and malware analysis solution FortiSandbox to its Known Exploited Vulnerabilities catalog Thursday.
See Also: Know Thy Enemy: Threats to Cyber Resilience
The two critical-severity bugs, tracked as CVE-2026-39808 and CVE-2026-25089, affect the Fortinet product that provides isolated testing environments for suspicious or unknown files before they are opened. Fortinet issued a fix for each flaw in April and June, respectively.
“Fortinet FortiSandbox, FortiSandbox Cloud and FortiSandbox PaaS contain an OS command injection vulnerability that allows an unauthenticated attacker to execute unauthorized commands via specifically crafted HTTP requests,” CISA said, directing government agencies to patch by Sunday.
Fortinet has not confirmed exploitation of the vulnerabilities. Threat intelligence firm Defused reported evidence of exploitation attempts in mid-June against both flaws, along with a third FortiSandbox vulnerability.
“We are observing exploitation of multiple Fortinet FortiSandbox vulnerabilities during the past 24 hours, including: CVE-2026-39813 [no previous recorded exploitation], CVE-2026-39808, CVE-2026-25089 [vibecoded, likely faulty exploit],” Defused said on social media X.
The active exploitation follows the recent FortiBleed credential-harvesting campaign that compromised more than 430,000 FortiGate firewalls by exploiting previously disclosed but unpatched vulnerabilities. One of seven new vulnerabilities Fortinet disclosed in its Tuesday patch release, CVE-2026-59835, also affects FortiSandbox.
“Even when vulnerabilities are disclosed by researchers to the vendors, threat actors will still develop exploits in the following weeks and months,” said John Bambenek, president of cybersecurity consultancy Bambenek Consulting.
Bambenek said network and network-adjacent devices might not be on security engineers’ top of mind for rapid patching, but they are soft spots inviting attacks.
“FortiSandbox is supposed to be the safe room where organizations detonate malware – not a place attackers can run their own commands without credentials,” said Paul Asadoorian, principal security researcher at supply chain security firm Eclypsium. “When that system is compromised, adversaries gain insight into what defenders are analyzing and a ready-made pivot point deeper into the network.”
For CVE-2026-25089, the problem stems from improper sanitization of user-supplied input before it is used in OS command execution, primarily in the “Start VNC” web UI feature, network monitoring firm Arctic Wolf said.
“This leads to remote code execution, full system compromise, access to sensitive sandboxed data, potential network pivoting and attacker persistence,” Arctic Wolf said.
The unauthenticated flaw is easy to weaponize, especially on appliances exposed to the public network, Arctic Wolf said. “Though FortiSandbox has a limited enterprise footprint [market share ≈ 0.06%], its deployments are typically in high-value sectors – such as financial services, large enterprises and critical infrastructure – which magnifies the potential impact of compromise.”
CVE-2026-39808 also exploits insufficient input validation. “When processing certain input, the application fails to properly neutralize special characters and shell metacharacters before passing them to system command execution functions,” security firm SentinelOne said. “This allows an attacker to break out of the intended command context and inject arbitrary OS commands that execute with the privileges of the FortiSandbox service.”
The attack can be carried out remotely without authentication or prior privileges on the target system, SentinelOne said.
Signs of compromise include FortiSandbox services launching unexpected processes, unusual outbound connections from the appliance to external IP addresses, suspicious command execution recorded in system logs and unauthorized files or scripts in temporary directories, SentinelOne said.
