Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
Top 10 Identity Threat Detection and Response (ITDR) Solutions for 2026
July 17, 2026
GPT-5.6 Codex Bug Deletes Files From Home Directories
July 17, 2026
Critical TP-Link Tapo Camera Vulnerability Lets Attackers Hijack Devices
July 17, 2026
Home/CyberSecurity News/CISA Warns of Critical Fortinet FortiSandbox OS Injection Flaws Exploited in Attacks
CyberSecurity News

CISA Warns of Critical Fortinet FortiSandbox OS Injection Flaws Exploited in Attacks

Key Takeaways The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding two critical OS command injection vulnerabilities impacting Fortinet FortiSandbox...

Marcus Rodriguez
Marcus Rodriguez
July 17, 2026 3 Min Read
3 0

Key Takeaways

  • The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding two critical OS command injection vulnerabilities impacting Fortinet FortiSandbox products.
  • Identified as CVE-2026-39808 and CVE-2026-25089, these flaws permit unauthenticated attackers to execute arbitrary commands remotely through specially crafted HTTP requests.
  • Both vulnerabilities have been actively exploited in real-world attacks, prompting CISA to add them to its Known Exploited Vulnerabilities (KEV) Catalog.
  • Affected products include FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS environments.
  • Organizations are mandated to apply vendor-provided mitigations immediately, with federal agencies facing a strict deadline of July 19, 2026.

CISA Issues Urgent Alert for Exploited Fortinet FortiSandbox Flaws

The Cybersecurity and Infrastructure Security Agency (CISA) has sounded the alarm on two critical vulnerabilities within Fortinet’s FortiSandbox suite, confirming that these flaws are under active exploitation by threat actors. The agency has officially listed both issues in its Known Exploited Vulnerabilities (KEV) Catalog, underscoring the immediate threat they pose.

Table Of Content

  • Key Takeaways
  • CISA Issues Urgent Alert for Exploited Fortinet FortiSandbox Flaws
  • Deep Dive into FortiSandbox Vulnerabilities
  • Urgent Remediation Required
  • What You Should Do

These vulnerabilities, tracked as CVE-2026-39808 and CVE-2026-25089, are classified as OS command injection weaknesses (CWE-78). This type of flaw arises when an application fails to adequately sanitize user input before passing it to an operating system command interpreter. The result is a critical security bypass, enabling unauthenticated attackers to execute unauthorized operating system commands merely by sending specially crafted HTTP requests to vulnerable devices.

Deep Dive into FortiSandbox Vulnerabilities

CVE-2026-39808 directly impacts Fortinet FortiSandbox. CISA’s advisory indicates that a remote, unauthenticated attacker could leverage this vulnerability to execute arbitrary code or commands on the targeted device. This level of access bypasses the need for any valid credentials, making it an attractive target for malicious actors.

The second vulnerability, CVE-2026-25089, presents an even broader risk profile. Its impact extends beyond standalone FortiSandbox deployments to include FortiSandbox Cloud and FortiSandbox PaaS environments. Similar to CVE-2026-39808, this flaw allows unauthenticated remote attackers to achieve direct command execution on affected systems via malicious HTTP requests.

FortiSandbox products are crucial components in many organizations’ security postures, designed to detect and analyze suspicious files, URLs, and malware within isolated environments. Given their role in handling potentially malicious content and their integration with broader security infrastructure, a successful compromise of these systems could provide attackers with a significant and dangerous foothold within an organization’s network.

Urgent Remediation Required

CISA added both vulnerabilities to the KEV Catalog on July 16, 2026, a clear indication of their active exploitation. In response, Federal Civilian Executive Branch agencies are mandated to implement vendor-provided mitigations by July 19, 2026, in compliance with Binding Operational Directive BOD 26-04. This extremely tight remediation window highlights the severe and immediate risk posed by these internet-accessible and actively exploited vulnerabilities.

While CISA has not explicitly confirmed if these vulnerabilities are being used in ransomware campaigns, the nature of command injection flaws makes them prime targets for such attacks. Threat actors commonly exploit these vulnerabilities to deploy web shells, harvest credentials, facilitate lateral movement within networks, disable security tools, or install various forms of malware.

What You Should Do

  • Apply Updates Immediately: Administrators must promptly review Fortinet’s advisories and apply all available security updates and mitigations for FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS.
  • Identify and Secure Assets: Identify all internet-facing FortiSandbox assets and restrict access to management interfaces to authorized personnel and IP addresses only.
  • Monitor for Anomalies: Scrutinize HTTP logs for any unusual or malformed requests, and investigate any unexpected command executions or the creation of new administrative accounts.
  • Forensic Triage: Follow CISA’s forensic triage requirements to determine if systems were compromised prior to the application of remediation steps.
  • Discontinue Use if Unpatched: If patches or mitigations are unavailable, CISA advises adhering to relevant cloud service guidance or discontinuing the use of affected products until the risks are fully addressed.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackCVEExploitMalwarePatchransomwareSecurityThreatVulnerability

Share Article

Marcus Rodriguez

Marcus Rodriguez

Marcus is a security researcher and investigative journalist with expertise in vulnerability research, bug bounties, and cloud security. Since 2017, Marcus has been breaking stories on critical vulnerabilities affecting major platforms. His investigative work has led to the disclosure of numerous security flaws and improved defenses across the industry. Marcus is an active participant in bug bounty programs and has been recognized for responsible disclosure practices. He holds multiple security certifications and regularly speaks at industry events.

Previous Post

Linus Torvalds Clarifies Linux Kernel’s Stance on AI Development

Next Post

Critical TP-Link Tapo Camera Vulnerability Lets Attackers Hijack Devices

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
7-Zip Critical Vulnerability Exposes Millions to Remote Code Execution
July 17, 2026
Two Hackers Jailed for Hacking 148 TfL Systems, Forcing 27,000 Staff Password Resets
July 17, 2026
AnyDesk Critical 0-Day Vulnerability Lets Attackers Trigger DoS
July 16, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Emy Elsamnoudy
Emy Elsamnoudy
Jennifer sherman
Jennifer sherman
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us