Breaking
Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621 Hackers Hide Credit Card Stealer in Pixel-Sized SVG Images Targeting Magento Stores Microsoft Suspends Developer Accounts for High-Profile Open Source Projects European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack Ransomware Attacks Surge in 2026: Healthcare and Finance Most Targeted Google Chrome Zero-Day Vulnerability Actively Exploited – Update Immediately Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621 Hackers Hide Credit Card Stealer in Pixel-Sized SVG Images Targeting Magento Stores Microsoft Suspends Developer Accounts for High-Profile Open Source Projects European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack Ransomware Attacks Surge in 2026: Healthcare and Finance Most Targeted Google Chrome Zero-Day Vulnerability Actively Exploited – Update Immediately
Latest Threat Intel Zero-Days Data Breaches Analysis
Live threat feed June 17, 2026 | 09:59 UTC
4021 CVEs This Month
15 Actively Exploited
0 Ransomware Activity
25 Breaches YTD
Threat Investigation Portal
Investigate an IOC in the live graph workspace.
Investigate IOC
Threat Intelligence

Attackers Exploit Multiple Vulnerabilities in Fortinet FortiSandbox Including Recently Patched Flaw

Thirumala Rao Padilam Thirumala Rao Padilam June 16, 2026
Attackers Exploit Multiple Vulnerabilities in Fortinet FortiSandbox Including Recently Patched Flaw

Security researchers from Defused Cyber have observed ongoing exploitation of three vulnerabilities affecting Fortinet's FortiSandbox product. Among these flaws is CVE-2026-39813, a critical path traversal vulnerability in the JRPC API, which was patched last week. The activity highlights active threat actor interest in FortiSandbox and the importance of applying recent security updates.

What happened

Defused Cyber, a threat intelligence firm, reported that attackers have been exploiting three security vulnerabilities in the Fortinet FortiSandbox platform within the past 24 hours. The vulnerabilities include CVE-2026-39813, CVE-2026-39808, and CVE-2026-25089. CVE-2026-39813 is a path traversal vulnerability in the FortiSandbox JRPC API with a CVSS score of 9.1, indicating high severity. This particular vulnerability was patched by Fortinet last week.

Why it matters

FortiSandbox is a widely used advanced threat protection solution in many enterprise environments. Exploitation of these vulnerabilities can allow attackers to perform unauthorized operations on the affected systems, potentially leading to data exposure or further compromise within an organization’s network. The fact that these flaws are actively being exploited shortly after a patch release underscores the urgency for organizations to implement security updates promptly.

What security teams should do

Security teams using Fortinet FortiSandbox should urgently apply the latest patches issued by Fortinet, especially addressing CVE-2026-39813. It is also advisable to review system logs for any unusual activity correlating with the known exploits of the identified CVEs. Continuous monitoring for indicators of compromise and coordination with threat intelligence sources is recommended to detect potential exploitation attempts in a timely manner.

Key technical details

The primary exploited vulnerability, CVE-2026-39813, involves path traversal in the JRPC API of FortiSandbox and carries a high severity rating with a CVSS score of 9.1. CVE-2026-39808 and CVE-2026-25089 are other vulnerabilities being actively exploited, though specific technical details for these were not disclosed in the report. The attacks have been observed within a short timeframe after a recent patch release, indicating attackers’ rapid adoption of known vulnerabilities.

Affected organizations/products

Fortinet FortiSandbox users are directly affected, with the three vulnerabilities impacting the FortiSandbox threat detection and analysis platform. Organizations running vulnerable versions should prioritize updating their FortiSandbox installations to mitigate exploitation risks.

Source attribution

https://thehackernews.com/2026/06/attackers-exploit-three-fortinet.html

Thirumala Rao Padilam
Written by
Thirumala Rao Padilam
error: Content is protected !!