Overview
The Cybersecurity and Infrastructure Security Agency (CISA) added two critical Fortinet FortiSandbox vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog on July 16, 2026, directing Federal Civilian Executive Branch (FCEB) agencies to patch within three days — by July 19, 2026 — under the accelerated timeline established by Binding Operational Directive 26-04.
Both flaws are unauthenticated OS command injection vulnerabilities carrying CVSS scores of 9.1 to 9.8, and exploitation has been actively observed in the wild since June 2026.
The Vulnerabilities
CVE-2026-25089 — Web UI OS Command Injection (CVSS 9.8)
This flaw resides in FortiSandbox's Web UI, specifically in the "start VNC" feature. An unauthenticated remote attacker can inject shell metacharacters via crafted JSON payloads sent via HTTP POST to the /jsonrpc/ endpoint — requiring no credentials, no user interaction, and minimal attack complexity.
Fortinet patched CVE-2026-25089 on June 9, 2026. CISA added it to the KEV catalog July 16, 2026, following confirmed exploitation.
CVE-2026-39808 — API Endpoint OS Command Injection (CVSS 9.8)
This vulnerability affects a FortiSandbox API endpoint, allowing unauthenticated attackers to execute arbitrary commands as root via crafted HTTP requests. A public proof-of-concept exploit weaponizing the jid GET parameter via pipe-chained Unix commands has been available since April 2026. Exploitation was first captured by honeypot sensors on June 12, 2026.
CVE-2026-39813 — Authentication Bypass via Path Traversal (CVSS 9.1)
A third related flaw, also added to the KEV catalog simultaneously, allows attackers to bypass authentication entirely by injecting traversal sequences into the JRPC API. This vulnerability enables chaining: attackers can bypass authentication via CVE-2026-39813 and then trigger command injection via CVE-2026-25089 or CVE-2026-39808, achieving full unauthenticated root-level code execution.
Why FortiSandbox Is a High-Value Target
FortiSandbox is a malware detonation and threat analysis platform — the appliance organizations use to safely examine suspicious files and network traffic. Compromising it gives attackers:
- Visibility into threat intelligence workflows and what threats an organization is actively investigating
- Access to network credentials and integration pathways between security tools
- Persistent blind spots in security operations — potentially allowing other malware to pass through undetected
- Long-term persistence inside the security stack itself, far removed from typical endpoint detection coverage
The stakes are uniquely high precisely because these are security infrastructure devices.
Affected Versions
| Product | Affected Versions |
|---|---|
| FortiSandbox | 5.0.0 – 5.0.5, 4.4.0 – 4.4.8, all 4.2.x versions |
| FortiSandbox Cloud | 5.0.4 – 5.0.5 |
| FortiSandbox PaaS | 23.4 – 22.2 |
Remediation
Patch immediately:
- Upgrade FortiSandbox on-premises to 4.4.9 or 5.0.6+
- Upgrade FortiSandbox Cloud and PaaS to 5.0.6+
- FortiSandbox 4.2.x has no direct fix — contact Fortinet for migration guidance
If immediate patching is not feasible:
- Isolate the management interface from untrusted networks immediately
- Restrict web UI and API access to designated administrator hosts only
- Audit logs for indicators of compromise, particularly unexpected commands or lateral movement from the appliance
- Monitor outbound connections from FortiSandbox for anomalous activity
Broader Threat Context
These advisories come amid a large-scale campaign attributed to suspected Russian-speaking threat actors that has targeted over 30,000 Fortinet firewalls across 194 countries. The campaign reportedly involved more than 1.16 billion credential attempts against FortiGate targets.
Organizations running Fortinet security appliances should treat this advisory as a priority-one patching event regardless of federal mandate status.