FortiSandbox Vulnerabilities Expose Systems to Auth Bypass and Command Execution
ID: e694cb9a-3e46-5998-aaf4-77870b9ec09f
STIX ID: report--e694cb9a-3e46-5998-aaf4-77870b9ec09f
Feed Name: SOCRadar Blog
Fortinet FortiSandbox has three critical vulnerabilities (CVE-2026-39813, CVE-2026-39808, CVE-2026-25089; CVSS 9.8) that allow authentication bypass and unauthenticated OS command execution via API, JRPC, and Web UI endpoints; affected 4.4 and 5.0 branches (and some cloud/PaaS variants) should be upgraded immediately. The advisory emphasizes high risk for internet-facing management interfaces, notes reported exploitation activity, and recommends patching to fixed versions, restricting access, reviewing HTTP logs for probing/exploitation patterns, and hunting for post-exploitation indicators.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
