Top/Articles/Fortinet FortiSandbox Has Four No-Login Takeover Flaws (CVE-2026-39808 and More): Some Exploited β€” Update Now
fortinet-fortisandbox-cve-cover-en

Fortinet FortiSandbox Has Four No-Login Takeover Flaws (CVE-2026-39808 and More): Some Exploited β€” Update Now

Fortinet FortiSandbox, the appliance handling corporate malware defense, has four unauthenticated severity-9.8 takeover flaws. CVE-2026-39808 has a public PoC and confirmed exploit evidence, and another is under observed attack. The device meant to defend could become the way in, so operators should update to the latest fix immediately.

NewsPublished July 8, 2026 Updated today
Table of contents
Key takeaways

Fortinet FortiSandbox, the appliance handling corporate malware defense, has four unauthenticated severity-9.8 takeover flaws. CVE-2026-39808 has a public PoC and confirmed exploit evidence, and another is under observed attack. The device meant to defend could become the way in, so operators should update to the latest fix immediately.

Fortinet's "FortiSandbox," the dedicated appliance that inspects suspicious files reaching a corporate network to catch malware, has been hit by a string of flaws that let attackers take over the server from outside without logging in. All are rated 9.8 out of 10 β€” near the maximum β€” and at least two are already under observed attack. The very device meant to defend the network could become the way in.

The flaws are four: CVE-2026-39808, CVE-2026-39813, CVE-2026-26083, and CVE-2026-25089 β€” all allowing command execution with no login. Fortinet has released fixes for each; organizations running FortiSandbox should update now.

Overview of the four flaws

CVETypeSeverityLoginStatus
CVE-2026-39808Command injection9.8NoneExploit evidence・PoC
CVE-2026-39813Path traversal9.8NoneExploitation observed
CVE-2026-26083Missing authorization9.8NoneNo exploit seen
CVE-2026-25089Command injection9.8NonePoC crude,
not confirmed working

"Severity" is the CVSS value, an international scale rating how serious a flaw is out of 10. All four align on "no login, remote, full control," earning a near-maximum 9.8.

Who targets this, and what's the damage?

The attackers are operators who take over a device at the heart of a company's defenses and use it as a foothold to break inside. FortiSandbox protects the organization by judging whether arriving files are safe. Seize that judgment engine, and an attacker can make their own malware be labeled "safe" and slip past the defense, or pivot from there into other internal systems. Taking the center of the defense makes it a high-value target.

What the attacker does is send crafted web traffic without logging in and run their own commands on the device. All four flaws lead to this "unauthenticated command execution." Once a command lands, they fully control the device and plant additional programs to persist.

The first to suffer are the companies and agencies running FortiSandbox. With their malware defense blinded, they can be breached unnoticed, leading to theft of confidential data or ransomware deployment. Ultimately, the partners and users who entrust their data to that organization are affected too. When the defensive appliance is breached, everything behind it is exposed.

What FortiSandbox is

FortiSandbox is a "sandbox"-type malware analysis appliance from network-security giant Fortinet. A sandbox is a mechanism that actually runs a received file in an isolated, safe environment and watches for suspicious behavior. It inspects email attachments and downloads before they reach production, surfacing unknown malware β€” a piece of the corporate defense network.

Fortinet is widely used at companies and government agencies (via FortiGate firewalls and more), and FortiSandbox works alongside them. Devices at the core of the defense are often placed at the network boundary facing the outside, so when a flaw appears they are easy to target. Fortinet products have had serious flaws exploited in real attacks before; actively exploited flaws are also published on the U.S. CISA Known Exploited Vulnerabilities (KEV) list.

Technical details

CVE-2026-39808: unauthenticated command injection (evidence of exploitation)

The most concerning of the four. Special characters in incoming data are not handled properly, so an OS command slipped in by the attacker gets executed (OS command injection, CWE-78). Severity 9.8, no login required. Published as Fortinet advisory FG-IR-26-100, with a proof-of-concept public on GitHub and public agencies confirming evidence of exploitation. It affects FortiSandbox 4.4.0–4.4.8 and some PaaS versions.

CVE-2026-39813: reaching places it shouldn't (exploitation observed)

A path traversal (CWE-24) that abuses "go up one level"-style file-path references to reach places it shouldn't and seize privilege. Severity 9.8, no login, published as Fortinet FG-IR-26-112. Security firm Defused reported observing real exploitation on June 16, 2026. It affects FortiSandbox 4.4.0–4.4.8 and 5.0.0–5.0.5, among others.

CVE-2026-26083: code execution via a missing authorization check

An operation that should verify privilege before allowing it is missing that check (missing authorization, CWE-862). Severity 9.8, no login, with the risk of code execution over web traffic. Published as Fortinet FG-IR-26-136. No real exploitation has been reported so far, but the condition is "unauthenticated" like the two above, so it cannot be taken lightly.

CVE-2026-25089: unauthenticated command injection (PoC not confirmed working)

Also an OS command injection (CWE-78), severity 9.8, no login. Published as Fortinet FG-IR-26-141. Attempts to exploit it were observed, but the circulating proof-of-concept is crude and does not work as-is, and no reliably working exploit has been published yet. Still, since the flaw itself is unauthenticated, a practical attack could appear at any time. It affects FortiSandbox 4.2.0–4.2.8, 4.4.0–4.4.8, and 5.0.0–5.0.5, among others.

Affected versions and update guidance

LineAffected (by one of the four)Action
FortiSandbox 4.24.2.0 – 4.2.8Update to the fix each
advisory specifies
FortiSandbox 4.44.4.0 – 4.4.8Update to 4.4.9 or later
FortiSandbox 5.05.0.0 – 5.0.5Update to 5.0.6 or later
FortiSandbox Cloud / PaaSRelevant versionsFollow Fortinet's guidance
to update / verify

Which version maps to which CVE varies per flaw. Cross-check your version against the advisories (FG-IR-26-100 / 112 / 136 / 141) and update to the latest fix.

How events unfolded

← Swipe to move

What to do now

The fix is to update FortiSandbox to the latest patched version following Fortinet's advisories (FG-IR-26-100 / 112 / 136 / 141). With real exploitation observed, it cannot wait. Check your line against the version table above and update the 4.4 line to 4.4.9 or later and the 5.0 line to 5.0.6 or later. For Cloud and PaaS, follow Fortinet's guidance.

If you cannot update right away, a stopgap is to keep the FortiSandbox management interface off the public internet and restrict access to trusted IP addresses, reducing exposure to indiscriminate scanning. Also review logs for suspicious command execution or outbound traffic on the device.

βœ“ Confirmed facts

  • βœ“Four unauthenticated 9.8 takeover flaws in FortiSandbox (39808 / 39813 / 26083 / 25089)
  • βœ“CVE-2026-39808 has a public PoC and public agencies confirm evidence of exploitation (FG-IR-26-100)
  • βœ“Defused observed real exploitation of FortiSandbox flaws on June 16, 2026 (BleepingComputer)
  • βœ“Fortinet has released fixes: 4.4.9 or later for the 4.4 line, 5.0.6 or later for the 5.0 line

Closing

FortiSandbox exists to catch malware and defend the organization. That defensive device now carries four near-maximum-severity flaws exploitable without a login, and several are already under attack. Breach the device meant to defend, and the defenses behind it collapse at once. On paper, "four flaws at 9.8" is an unusual concentration.

FortiSandbox is not a product ordinary consumers own; the target is limited to the companies and agencies that operate it. But counting the partners and users whose data is held there, the impact is far from small. Organizations running it should check their version today and move ahead with the update.

References

avatar-m-1

Makoto Horikawa

Backend Engineer / AWS / Django