ctipilot.ch

FortiSandbox triple active exploitation (CVE-2026-39808/39813/25089) — simultaneous in-the-wild exploitation

campaign · item:fortisandbox-triple-active-exploitation

Coverage timeline: 1 (first 2026-06-17 → last 2026-06-17)
Briefs: 1 (1 distinct)
Sources cited: 11 (9 hosts)
Sections touched: 1 (updates)
Co-occurring entities: 8 (see Related entities below)

Story timeline

  1. 2026-06-17 · CTI Daily Brief — 2026-06-17 · updates: UPDATE: confirmed simultaneous exploitation of 3 CVEs; CVE-2026-25089 was disclosure-only 06-12

Where this entity is cited

  • updates (1)

Source distribution

  • fortiguard.fortinet.com: 2 (18%)
  • crowdstrike.com: 2 (18%)
  • advisories.ncsc.nl: 1 (9%)
  • bleepingcomputer.com: 1 (9%)
  • ccb.belgium.be: 1 (9%)
  • helpnetsecurity.com: 1 (9%)
  • security-hub.ncsc.admin.ch: 1 (9%)
  • securityaffairs.com: 1 (9%)
  • other: 1 (9%)

Related entities

All cited sources (11)

Items in briefs about FortiSandbox triple active exploitation (CVE-2026-39808/39813/25089) — simultaneous in-the-wild exploitation (4)

UPDATE: FortiSandbox — three critical flaws now exploited simultaneously, including the previously disclosure-only CVE-2026-25089

From CTI Daily Brief — 2026-06-17 · published 2026-06-17

UPDATE (originally covered 2026-06-12): When CVE-2026-25089 was covered on 06-12 it was disclosure-only. Threat-intel firm Defused Cyber has now reported active exploitation of three FortiSandbox flaws within a single 24-hour window — CVE-2026-39808 (CVSS 9.8, JRPC OS command injection), CVE-2026-39813 (CVSS 9.1, JRPC path traversal / auth bypass), both with patches available since April 2026, and CVE-2026-25089 (CVSS 9.8, web-UI command injection), patched 2026-06-09 (Security Affairs, 2026-06-16).

FortiSandbox supplies sandboxed file verdicts that FortiGate, FortiMail, FortiProxy and FortiClient consume to make blocking decisions, so a compromised sandbox can suppress detection across the dependent Fortinet stack (Help Net Security, 2026-06-16). The CVE-2026-25089 exploit seen in the wild appears AI-generated and is assessed as faulty, yet still finds traction against unpatched deployments — evidence that exposed, unpatched FortiSandbox interfaces remain. Fortinet has not yet officially confirmed exploitation. Patch all three; until then, restrict management-interface exposure and watch FortiSandbox web-UI/JRPC access logs for unauthenticated external POSTs.

CVE-2026-25089 — Fortinet FortiSandbox: unauthenticated OS command injection in the web UI's VNC-launch handler (CVSS 9.8)

From CTI Daily Brief — 2026-06-12 · published 2026-06-12

Fortinet patched CVE-2026-25089 (CWE-78, internal reference FG-IR-26-141) on 9 June: the FortiSandbox web interface's "start VNC" handler passes attacker-controlled JSON to the underlying OS without sanitisation, allowing a remote unauthenticated attacker to achieve second-order command injection via a crafted HTTP request (NCSC-NL, 2026-06-11). Affected: FortiSandbox 5.0.0–5.0.5 and 4.4.0–4.4.8 (plus corresponding Cloud/PaaS builds); fixed in 5.0.6 and 4.4.9. CCB Belgium urges immediate patching and warns that the public availability of a proof-of-concept exploit increases the likelihood of exploitation (CCB Belgium, 2026-06-11). No in-the-wild exploitation is reported, and the management interface is not meant to be internet-reachable — but with a public PoC available, a compromised FortiSandbox hands an attacker every file your SOC submits for detonation, plus a trusted foothold inside the security stack (T1190). Discovered internally by Fortinet's product-security team; the FortiGuard PSIRT page was unreachable in this run (see § 7).

CVE Summary Table

| CVE | Product | CVSS | EPSS | KEV | Exploited | Patch | Source |
|---|---|---|---|---|---|---|---|
| CVE-2026-35273 | Oracle PeopleSoft PeopleTools 8.61/8.62 (PSEMHUB) | 9.8 | n/a | No | Yes — zero-day, UNC6240 | Out-of-band alert 2026-06-10 | Oracle |
| CVE-2026-49261 | MariaDB Server (Galera wsrep_notify_cmd) | 10.0 | n/a | No | No | 11.8.8 / 11.4.12 / 10.11.18 / 10.6.27 | NCSC-CH |
| CVE-2026-45657 | Windows kernel (TCP/IP) | 9.8 | n/a | No | No | June 2026 cumulative | MSRC |
| CVE-2026-26142 | Nuance PowerScribe | 9.8 | n/a | No | No | June 2026 update | MSRC |
| CVE-2026-47643 | Azure Stack Edge | 9.8 | n/a | No | No | June 2026 update | MSRC |
| CVE-2026-48579 | Exchange Online | 9.1 | n/a | No | No | Service-side, no customer action | MSRC |
| CVE-2026-25089 | Fortinet FortiSandbox | 9.8 | n/a | No | PoC public | 5.0.6 / 4.4.9 | NCSC-NL |

CVE-2026-44277 / CVE-2026-26083 — Fortinet FortiAuthenticator and FortiSandbox unauthenticated RCE

From CTI Weekly Summary — 2026-W20 (May 11 – May 17, 2026) · published 2026-05-17

Fortinet's 2026-05-13 PSIRT batch addresses two unauthenticated remote-code-execution flaws on management-plane Fortinet appliances common in Swiss federal and cantonal estates. CVE-2026-44277 (FortiAuthenticator, the SAML / RADIUS / 802.1X identity broker) and CVE-2026-26083 (FortiSandbox, the malware-analysis appliance) are both pre-auth network-reachable and CVSS ≥ 9. Daily 2026-05-13 confirmed patched builds; no ITW exploitation reported at week-end. Operational implication: FortiAuthenticator sits at the centre of identity-broker trust chains in many public-sector network architectures, so a compromised FortiAuthenticator yields cross-domain credential-issuance capability that is materially worse than a typical RCE — patch state should be verified explicitly on every FortiAuthenticator deployment (Fortinet PSIRT FG-IR-26-128 / FG-IR-26-136; daily 2026-05-13).

CVE-2026-44277 / CVE-2026-26083 — Fortinet FortiAuthenticator and FortiSandbox unauthenticated RCE

From CTI Daily Brief — 2026-05-13 · published 2026-05-13

Fortinet published two PSIRT advisories on 2026-05-12, picked up by NCSC-CH within hours. CVE-2026-44277 (CWE-284 Improper Access Control) is an unauthenticated network attacker reaching the FortiAuthenticator management-interface API and executing arbitrary commands via crafted requests; vendor PSIRT lists CVSS 9.1 (NCSC-CH and some early reports surfaced 9.8 — § 7 documents the convergence). Affected: 6.5.0–6.5.6, 6.6.0–6.6.8 and 8.0.0–8.0.2. Fixed in 6.5.7 / 6.6.9 / 8.0.3. FortiAuthenticator Cloud (IDaaS) is not affected (Fortinet PSIRT FG-IR-26-128, 2026-05-12; NCSC-CH Security Hub #12569, 2026-05-13). CVE-2026-26083 (CWE-862 Missing Authorization) is an unauthenticated attacker reaching the FortiSandbox Web UI and executing code at CVSS 9.1 per the Fortinet PSIRT advisory (Fortinet PSIRT FG-IR-26-136, 2026-05-12; BleepingComputer, 2026-05-13). Affected FortiSandbox: 4.4.0–4.4.8 (fixed 4.4.9), 5.0.0–5.0.1 (fixed 5.0.2), plus multiple PaaS / Cloud variants; on-prem Cloud 23 and 24 require migration rather than an in-place patch. Both discoveries are attributed to internal Fortinet audit; exploitation status is unknown at disclosure. The defender-relevant attack surface is the network-reachable management plane on each appliance class. Detection concepts mapped to T1190 Exploit Public-Facing Application: alert on FortiAuthenticator / FortiSandbox management-port reach from outside the SOC management VLAN; treat any anomalous outbound HTTP from these appliances (Sysmon-equivalent on FortiOS via diagnose debug application httpsd for FortiAuthenticator) as potential post-exploit egress. Hardening: enforce the perimeter / internal firewall rule that FortiAuthenticator GUI / API and FortiSandbox Web UI are reachable only from named admin / SOC source IPs — Fortinet's PSIRT pages explicitly call this out as the residual hardening even after patching.
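As an added example (not code from ctipilot.ch or from any of the cited sources), the following Python triage sketch applies the exposure checks recommended in the 06-17 update and in the 05-13 detection notes above: it flags unauthenticated POSTs to the management interface from outside the admin networks, and any other management-plane reach from a non-admin source. The log format, the admin CIDR and the /jsonrpc and /vnc/start paths are assumptions, and the log lines are constructed.

```python
import ipaddress
import re

# Constructed sample access-log lines in a generic combined-log style; the
# format is an assumption, not FortiSandbox's real log schema. /jsonrpc and
# /vnc/start are placeholder paths standing in for the JRPC and "start VNC"
# handlers the briefs describe. Third field is the authenticated user, or "-".
SAMPLE_LOG = """\
10.10.5.21 - admin [16/Jun/2026:08:01:12 +0000] "POST /jsonrpc HTTP/1.1" 200 512
203.0.113.77 - - [16/Jun/2026:08:02:40 +0000] "POST /jsonrpc HTTP/1.1" 200 334
198.51.100.9 - - [16/Jun/2026:08:03:05 +0000] "POST /vnc/start HTTP/1.1" 500 0
10.10.5.30 - - [16/Jun/2026:08:04:11 +0000] "GET /login HTTP/1.1" 200 1024
203.0.113.77 - - [16/Jun/2026:08:04:59 +0000] "GET /login HTTP/1.1" 200 1024
"""

# Networks allowed to reach the management plane (assumed SOC/admin VLAN).
ADMIN_NETS = [ipaddress.ip_network("10.10.5.0/24")]

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def parse_line(line):
    """Parse one access-log line; return None for lines that do not fit."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["authenticated"] = rec["user"] != "-"
    return rec

def is_admin_source(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ADMIN_NETS)

def triage(log_text):
    """One finding per policy violation: 'high' = unauthenticated POST from
    outside the admin networks; 'medium' = any other non-admin reach of
    the management interface. Admin-sourced traffic is not reported."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or is_admin_source(rec["ip"]):
            continue
        sev = "high" if rec["method"] == "POST" and not rec["authenticated"] else "medium"
        findings.append((sev, rec["ip"], rec["method"], rec["path"], rec["status"]))
    return findings
```

Running `triage(SAMPLE_LOG)` on the constructed lines yields two high findings (the two external unauthenticated POSTs) and one medium finding (the external GET), while both admin-VLAN requests are ignored.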