{"id":274512,"date":"2026-06-16T10:26:00","date_gmt":"2026-06-16T14:26:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/06\/16\/fortinet-warned-as-three-critical-fortisandbox-bugs-come-under-attack\/"},"modified":"2026-06-16T11:15:13","modified_gmt":"2026-06-16T15:15:13","slug":"fortinet-warned-as-three-critical-fortisandbox-bugs-come-under-attack","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/06\/16\/fortinet-warned-as-three-critical-fortisandbox-bugs-come-under-attack\/","title":{"rendered":"Fortinet Warned as Three Critical FortiSandbox Bugs Come Under Attack"},"content":{"rendered":"<p><a href=\"https:\/\/securityaffairs.com\/193709\/ai\/fortinet-warned-as-three-critical-fortisandbox-bugs-come-under-attack.html\">Fortinet Warned as Three Critical FortiSandbox Bugs Come Under Attack<\/a><\/p>\n<p><a href=\"https:\/\/securityaffairs.com\/193709\/ai\/fortinet-warned-as-three-critical-fortisandbox-bugs-come-under-attack.html\">https:\/\/securityaffairs.com\/193709\/ai\/fortinet-warned-as-three-critical-fortisandbox-bugs-come-under-attack.html<\/a><\/p>\n<p>Publish Date: 2026-06-16 10:26:00<\/p>\n<p>Source Domain: <a href=\"securityaffairs.com\">securityaffairs.com<\/a><\/p>\n<h2>Fortinet Warned as Three Critical FortiSandbox Bugs Come Under Attack<\/h2>\n<p>\t\t\t\t\t\t\t<span> Pierluigi Paganini<\/span><br \/>\n\t\t\t\t\t\t\t<span><img decoding=\"async\" src=\"https:\/\/securityaffairs.com\/wp-content\/themes\/security_affairs\/images\/clock-icon.svg\" alt=\"\"\/> June 16, 2026<\/span><\/p>\n<p>\t\t\t\t\t\t<img decoding=\"async\" class=\"img-fluid mb-4\" src=\"https:\/\/i0.wp.com\/securityaffairs.com\/wp-content\/uploads\/2019\/11\/fortinet-logo.jpg?fit=730%2C480&#038;ssl=1\" alt=\"\"\/><\/p>\n<p class=\"wp-block-paragraph\">Cybersecurity firm Defused Cyber confirmed it\u2019s seen active exploitation of three vulnerabilities in Fortinet FortiSandbox within a 
24-hour window. Two of them had patches sitting available since April. The third got fixed last week, which, apparently, wasn\u2019t fast enough.<\/p>\n<p lang=\"en\" dir=\"ltr\">\ud83d\udea8We are observing exploitation of multiple Fortinet FortiSandbox vulnerabilities during the past 24 hours, including:<\/p>\n<p>CVE-2026-39813 (no previous recorded exploitation)<br \/>CVE-2026-39808 <br \/>CVE-2026-25089 (vibecoded, likely faulty exploit) <\/p>\n<p>Per our research a working exploit for\u2026 pic.twitter.com\/obZTugupWT<\/p>\n<p>\u2014 Defused (@DefusedCyber) June 15, 2026<\/p>\n<p class=\"wp-block-paragraph\">CVE-2026-39813 (CVSS score: 9.1) is a path traversal vulnerability in FortiSandbox JRPC API that could allow an unauthenticated attacker to bypass authentication via specially crafted HTTP requests. Its twin, CVE-2026-39808, carries the same severity score and is an OS command injection flaw, same attack vector, same result: unauthenticated code execution via crafted HTTP requests. Both had patches available for two months.<\/p>\n<p class=\"wp-block-paragraph\">The third flaw, CVE-2026-25089, hits a broader surface. Fortinet described it as an operating system command injection impacting FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS WEB UI that could allow an unauthenticated attacker to execute unauthorized commands via specifically crafted HTTP requests. The patch dropped last week, yet it\u2019s already being used in the wild.<\/p>\n<p class=\"wp-block-paragraph\">Here\u2019s where it gets interesting. The exploit for CVE-2026-25089 appears to have been built with AI assistance, and it shows, not in a good way. Defused Cyber researchers speculate that the exploit for CVE-2026-25089 not only shows signs of being developed using an artificial intelligence (AI) model, but is also bugged. 
A working exploit for the vulnerability has not been&#8230;<\/p>\n<p><a href=\"https:\/\/securityaffairs.com\/193709\/ai\/fortinet-warned-as-three-critical-fortisandbox-bugs-come-under-attack.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Fortinet Warned as Three Critical FortiSandbox Bugs Come Under Attack https:\/\/securityaffairs.com\/193709\/ai\/fortinet-warned-as-three-critical-fortisandbox-bugs-come-under-attack.html Publish Date: 2026-06-16 10:26:00&#8230;<\/p>\n","protected":false},"author":1,"featured_media":274513,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/securityaffairs.com\/wp-content\/uploads\/2019\/11\/fortinet-logo.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,20,24,31,27],"class_list":["post-274512","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-artificial-intelligence","tag-cybersecurity","tag-exploit","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/274512"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=274512"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/274512\/revisions"}],"predecessor-version":[{"id":274514,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/274512\/revisions\/274514"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/274513"}],"wp:attachment":[{"href":"https:\/\/news-you-need.c
om\/index.php\/wp-json\/wp\/v2\/media?parent=274512"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=274512"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=274512"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}