THREAT WATCH
Critical Fortinet FortiSandbox: CVE-2026-25089 — Fortinet FortiSandbox OS Command Injection Vulnerability Critical Fortinet FortiSandbox: CVE-2026-39808 — Fortinet FortiSandbox OS Command Injection Vulnerability Critical Oracle E-Business Suite: CVE-2026-46817 — Oracle E-Business Suite Improper Privilege Management Vulnerability High KNX Association KNX Protocol Connection Authorization Option 1: CVE-2023-4346 — KNX Association KNX Protocol Connection Authorization Option 1 Overly Restrictive Account Lockout Mechanism Vulnerability High Microsoft Active Directory Federation Services: CVE-2026-56155 — Microsoft Active Directory Federation Services Insufficient Granularity of Access Control Vulnerability Medium Microsoft SharePoint Server: CVE-2026-56164 — Microsoft SharePoint Server Missing Authentication for Critical Function Vulnerability Critical SonicWall SMA1000 Appliances: CVE-2026-15409 — SonicWall SMA1000 Appliances Server-Side Request Forgery Vulnerability High SonicWall SMA1000 Appliances: CVE-2026-15410 — SonicWall SMA1000 Appliances Code Injection Vulnerability Critical Fortinet FortiSandbox: CVE-2026-25089 — Fortinet FortiSandbox OS Command Injection Vulnerability Critical Fortinet FortiSandbox: CVE-2026-39808 — Fortinet FortiSandbox OS Command Injection Vulnerability Critical Oracle E-Business Suite: CVE-2026-46817 — Oracle E-Business Suite Improper Privilege Management Vulnerability High KNX Association KNX Protocol Connection Authorization Option 1: CVE-2023-4346 — KNX Association KNX Protocol Connection Authorization Option 1 Overly Restrictive Account Lockout Mechanism Vulnerability High Microsoft Active Directory Federation Services: CVE-2026-56155 — Microsoft Active Directory Federation Services Insufficient Granularity of Access Control Vulnerability Medium Microsoft SharePoint Server: CVE-2026-56164 — Microsoft SharePoint Server Missing Authentication for Critical Function Vulnerability Critical SonicWall SMA1000 Appliances: CVE-2026-15409 — SonicWall SMA1000 Appliances Server-Side Request Forgery Vulnerability High SonicWall SMA1000 Appliances: CVE-2026-15410 — SonicWall SMA1000 Appliances Code Injection Vulnerability

CVE-2026-39808 — Fortinet FortiSandbox OS Command Injection Vulnerability

Back to Threat Intel Dashboard
Critical CVSS 9.8 Actively exploited · CISA KEV

Fortinet FortiSandbox

CVE-2026-39808 Added Jul 16, 2026 Remediation due in 2 days
TL;DR

Fortinet FortiSandbox is affected by a critical-severity vulnerability (CVE-2026-39808) that is confirmed to be actively exploited in the wild. Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.

What is this vulnerability?

A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow attacker to execute unauthorized code or commands via <insert attack vector here>

How it works

This is classified as OS Command Injection. In plain terms, an attacker could use this flaw in FortiSandbox to gain access, disrupt service, or steal data — the exact impact depends on how it’s deployed in your environment.

CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Required action

Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.

Mitigations

  • Apply the vendor’s security patch or update as soon as it’s available and tested.
  • If no patch exists yet, apply the vendor’s temporary workaround.
  • Limit network exposure of the affected system until it’s patched.
  • Review logs for signs of prior exploitation, especially if it’s flagged for ransomware use.

Recommendations

  • Confirm whether Fortinet FortiSandbox is used anywhere in your environment.
  • Patch internet-facing systems first, then internal ones.
  • Set a reminder ahead of the remediation deadline so it doesn’t slip.
  • Subscribe to the vendor’s security advisories for earlier warning next time.

Compiled from public threat intelligence (CISA Known Exploited Vulnerabilities catalog and the National Vulnerability Database, referenced in 3 public advisories).