
Three critical FortiSandbox bugs rated 9.8 actively exploited


Three critical Fortinet FortiSandbox bugs were exploited in the wild, according to cybersecurity researchers at Defused Cyber.

Defused Cyber said CVE-2026-39813, CVE-2026-39808, and CVE-2026-25089 were exploited over the past day.

The first two were patched in April, while CVE-2026-25089 was only patched last week.

Waseem Ahmed, head of engineering at Secure.com, said three critical, actively exploited flaws in Fortinet's FortiSandbox should be on every security team's radar — and organizations running FortiSandbox need to act today.

Ahmed explained that FortiSandbox acts as the safe room: it is where suspicious files get opened and watched in isolation before they are ever allowed near the real network. It then tells connected firewalls and email gateways whether to block or allow what it saw. All three flaws are critical, now rated 9.8, and need no login to exploit.

“When an attacker gets inside that system, they aren't breaching one box, and they can poison the verdicts that every other tool downstream depends on, waving real malware through as clean,” said Ahmed. “The supposed quarantine becomes the delivery route. Two of these were patched in April, the third last week, so fixes exist for all of them. This is a patching gap, not a fresh threat. Patch FortiSandbox now.”

John Bambenek, president at Bambenek Consulting, said security teams use FortiSandbox to automatically analyze files on the wire for malware, ideally before they are delivered to an endpoint. As a result, they see virtually everything.

“These vulnerabilities would let an attacker execute code on the systems running the sandboxes, which they could then use to extract sensitive files or disable protection,” said Bambenek. “Most conventionally, an attacker would use this as a launching pad to further burrow into an organization.”

John Untz, senior security engineer at Bishop Fox, added that FortiSandbox acts as the quarantine zone for "unknown" files or URLs that get flagged and passed in from other Fortinet products, such as FortiGate firewalls, FortiMail, and FortiClient. It is used when an organization's security appliances cannot determine whether an object is safe; the sandbox performs analysis and controlled execution inside a virtual environment. Untz said it also supports on-demand scanning and scanning targeted at network shares, similar to how other anti-virus programs function.

All three of the vulnerabilities listed are pre-authentication, and two of them are direct command injection, said Untz. Right off the bat, then, they are relatively trivial to exploit when reachable and require no interaction with a human.

Here are some important considerations for security teams:

  • These devices are never intended to be placed at the boundary of a network. They're designed as part of a security model and should not be exposed through the firewall.
  • The vulnerabilities listed affect the management plane; in a properly engineered network, only a select few people and a handful of devices will directly communicate on that VLAN or subnet.
  • Two of these vulns were patched in April, covering an auth bypass and an unauthenticated command injection. Change management should not hold these back, ever.
  • Exploiting these vulnerabilities does not by itself mean an attacker was silently passing malware as clean. It means they can get command execution on the appliance, and from there, with sufficient access and effort, the verdict and threat-intel functions are within reach. That’s a serious worst case worth taking seriously, but it’s a downstream possibility, not the immediate effect of the CVE.
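One way to operationalise the management-plane consideration above, as an added example that is not from the article or from Fortinet: a small Python check that flags connections to the sandbox's management address from any source outside the networks that are supposed to reach it. The addresses, ports and the flow-record format are constructed assumptions, not FortiSandbox defaults.

```python
import ipaddress
from dataclasses import dataclass

# Hypothetical values for this example (constructed): the sandbox's management
# address and the few networks that are allowed to talk to the management plane.
SANDBOX_MGMT_IP = ipaddress.ip_address("10.50.0.10")
ALLOWED_MGMT_NETS = [
    ipaddress.ip_network("10.50.0.0/24"),  # management VLAN
    ipaddress.ip_network("10.10.5.0/28"),  # admin jump hosts
]
MGMT_PORTS = {22, 443}  # assumed management services on the appliance


@dataclass
class Flow:
    src: str
    dst: str
    dport: int


def parse_flow(line: str) -> Flow:
    """Parse a constructed 'src=A dst=B dport=N' flow record."""
    fields = dict(kv.split("=", 1) for kv in line.split())
    return Flow(fields["src"], fields["dst"], int(fields["dport"]))


def is_unexpected_mgmt_access(flow: Flow) -> bool:
    """True when a management port on the sandbox is reached from outside the allowed nets."""
    if ipaddress.ip_address(flow.dst) != SANDBOX_MGMT_IP or flow.dport not in MGMT_PORTS:
        return False
    src = ipaddress.ip_address(flow.src)
    return not any(src in net for net in ALLOWED_MGMT_NETS)


def find_unexpected(lines):
    """Return the flows that violate the management-plane reachability expectation."""
    return [f for f in map(parse_flow, lines) if is_unexpected_mgmt_access(f)]


SAMPLE_FLOWS = [  # constructed flow records
    "src=10.50.0.21 dst=10.50.0.10 dport=443",  # admin workstation on the mgmt VLAN
    "src=10.10.5.3 dst=10.50.0.10 dport=22",    # jump host
    "src=192.0.2.44 dst=10.50.0.10 dport=443",  # external source: should never occur
    "src=10.20.7.8 dst=10.50.0.10 dport=443",   # user LAN reaching the mgmt plane
    "src=10.20.7.8 dst=10.50.0.10 dport=514",   # not a management port, ignored
]

if __name__ == "__main__":
    for f in find_unexpected(SAMPLE_FLOWS):
        print(f"unexpected management-plane access: {f.src} -> {f.dst}:{f.dport}")
```

Feeding real firewall flow logs through `parse_flow` requires adapting only that function; the reachability check itself is independent of the log format.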
