Unknown Actors Target Fortinet Sandbox, Three Critical Flaws Exploited in the Wild

The Weekend Surge

Over a recent weekend, threat-intelligence telemetry lit up with reconnaissance and exploitation attempts targeting FortiSandbox installations across enterprise networks. The target? Three authentication-bypass and command-injection flaws that Fortinet had quietly patched between April and the first week of June, each carrying a CVSS score of 9.1.

According to Defused, the exploitation wave emerged within a 24-hour window, suggesting coordinated reconnaissance or shared tooling among adversaries. All three vulnerabilities allow unauthenticated attackers to sidestep login gates, escalate system privileges, or execute arbitrary code via HTTP requests - a trifecta that turns sandbox appliances, ironically designed to detonate malware safely, into footholds for lateral movement.

At DailyTechWire, we've followed Fortinet's security posture closely, particularly as the vendor's VPN and edge appliances remain prime targets for ransomware operators and state-nexus groups. This latest cluster underscores a familiar pattern: patches ship, advisories declare no exploitation, and weeks later the wild catches up.

The Vulnerability Breakdown

The first bug to draw fire, CVE-2026-39813, is a path-traversal flaw buried in FortiSandbox's JRPC API. Attackers can craft HTTP requests that navigate directory structures outside intended boundaries, bypassing authentication entirely. Versions 4.4.0 through 4.4.8 and 5.0.0 through 5.0.5 are vulnerable; Fortinet shipped fixes in releases 4.4.9 and 5.0.6. Loic Pantano, a security analyst at Fortinet, discovered and reported the issue internally.

CVE-2026-39808, the second flaw patched in April, is a classic OS command injection. Unauthenticated attackers can slip shell commands into HTTP requests, executing code at the operating-system level. The vulnerability affects the same 4.4.x branch - versions 4.4.0 through 4.4.8 - and remediation requires an upgrade to 4.4.9 or later. Samuel de Lucas Maroto, a researcher at KPMG Spain, identified this vulnerability.

The most recent addition, CVE-2026-25089, surfaced in Fortinet's advisory last week. It is another OS command-injection vector, this time spanning FortiSandbox, FortiSandbox Cloud, and FortiSandbox Platform-as-a-Service (PaaS) deployments. The web UI accepts maliciously crafted HTTP requests that inject unauthorized commands. Affected versions include FortiSandbox 4.4.0 through 4.4.8, 5.0.0 through 5.0.5, FortiSandbox Cloud 5.0.4 through 5.0.5, and FortiSandbox PaaS 5.0.4 through 5.0.5. Patches are available across all branches.

Defused noted that a publicly available exploit for CVE-2026-25089 had not yet appeared in underground forums or GitHub repositories at the time of their Monday post, raising the possibility that the attack code circulating over the weekend was either privately developed or hastily assembled - what some researchers colloquially term "vibe coded," meaning it may contain errors or incomplete logic.

The Exploitation Timeline and Vendor Silence

Fortinet's April advisories for CVE-2026-39813 and CVE-2026-39808 explicitly stated that the vendor had observed no active exploitation at the time of disclosure. The same language accompanied the June advisory for CVE-2026-25089. Yet within days of the third patch, telemetry from Defused began recording live attempts.

Fortinet has not publicly commented on the exploitation activity, nor has the vendor clarified whether its own threat-intelligence teams observed similar attack traffic. The silence is notable: in previous incidents involving critical Fortinet vulnerabilities - particularly those affecting VPN gateways - the vendor has issued supplementary advisories or mitigation guidance once exploitation was confirmed.

The timing of the attacks aligns with a broader uptick in targeting of perimeter and security appliances. Earlier this month, Check Point VP of research Lotem Finkelstein warned that ransomware operators had begun exploiting a separate critical authentication-bypass flaw in Fortinet's Remote Access VPN and Mobile Access products. Finkelstein's team assessed with medium-to-high confidence that the same adversary group was likely leveraging other VPN-related vulnerabilities in Fortinet's portfolio, suggesting a systematic approach to discovering and chaining flaws across the vendor's product line.

Why Sandbox Appliances Matter in Attack Chains

FortiSandbox occupies a peculiar position in enterprise security architecture. Unlike firewalls or intrusion-prevention systems that sit inline and filter traffic in real time, sandbox appliances operate as analysis engines: they detonate suspicious files, scripts, and executables in isolated environments, generating behavioral reports for SOC analysts.

Because sandbox appliances often receive untrusted payloads by design, they are typically segmented from production networks. But that segmentation is not always absolute. Many deployments grant sandbox appliances limited outbound connectivity to retrieve threat feeds, submit samples to cloud analysis platforms, or integrate with SIEM and SOAR tools. An attacker who compromises a sandbox can pivot into management VLANs, exfiltrate analyzed samples (which may contain sensitive documents or proprietary code), or manipulate detection logic to suppress alerts on subsequent payloads.

The three FortiSandbox vulnerabilities bypass authentication entirely, meaning attackers do not need valid credentials or prior foothold. In environments where sandbox appliances are reachable from the internet - either for remote administration or cloud integration - the attack surface is immediate.

The Patch Adoption Gap

Despite the availability of patches since April, the weekend exploitation wave suggests that a significant number of FortiSandbox deployments remain unpatched. Several factors contribute to this lag.

First, sandbox appliances are often managed by dedicated security teams rather than IT operations, and patching workflows may be slower or less automated than for endpoint agents or cloud services. Second, enterprises may delay patches for appliances that sit outside the direct data path, prioritizing inline security devices first. Third, some organizations run FortiSandbox in on-premises or air-gapped configurations where patch deployment requires manual intervention, USB media, or scheduled maintenance windows.

The gap between patch availability and patch adoption is a recurring theme across the security industry, but it is particularly acute for vendors whose products are heavily targeted. Fortinet's installed base - spanning firewalls, VPNs, switches, and security appliances - numbers in the hundreds of thousands of devices globally, many operated by mid-market enterprises with limited security staff.

The Broader Fortinet Threat Landscape

Fortinet vulnerabilities have become a staple of ransomware playbooks, advanced-persistent-threat (APT) toolkits, and opportunistic botnets over the past three years. The vendor's FortiOS operating system, which underpins FortiGate firewalls and other appliances, has seen a steady drumbeat of critical flaws - many of which were exploited before patches reached widespread deployment.

In 2023 and 2024, multiple ransomware groups, including actors linked to Russia and China-nexus APTs, exploited authentication-bypass and remote-code-execution flaws in FortiOS to gain initial access to corporate networks. In several incidents, attackers chained Fortinet vulnerabilities with flaws in other vendors' VPN products, creating redundant entry points that survived even partial remediation efforts.

The May warning from Check Point about VPN-related exploitation underscores the persistence of this threat. Finkelstein's research indicated that the same adversary group was cycling through multiple Fortinet CVEs, suggesting either a well-maintained exploit library or access to reliable zero-day research. The overlap between that campaign and the FortiSandbox exploitation is not yet clear, but the operational tempo - multiple high-severity flaws exploited within weeks of patch release - points to adversaries who monitor vendor advisories closely and move quickly.

Immediate Steps for Defenders

Organizations running FortiSandbox should prioritize patching to version 4.4.9 or 5.0.6, depending on branch, and apply the latest updates for FortiSandbox Cloud and PaaS deployments. If immediate patching is not feasible, network segmentation can reduce exposure: ensure that sandbox appliances are not reachable from the internet, restrict management interfaces to trusted internal subnets, and audit firewall rules governing sandbox-to-VLAN traffic.

Threat-hunting teams should review HTTP access logs for FortiSandbox appliances, looking for unusual request patterns, especially crafted POST or GET requests targeting JRPC API endpoints or web UI paths. Indicators of path-traversal attempts include URL-encoded directory sequences or unexpected file-path parameters; command-injection attempts may appear as shell metacharacters or chained commands in HTTP headers or body fields.

For enterprises that rely on FortiSandbox for malware analysis, consider temporarily disabling internet-facing integrations or cloud-submission features until patches are confirmed deployed. While this reduces real-time threat-intelligence enrichment, it narrows the attack surface during the high-risk window following public disclosure.

The Vibe-Coded Exploit Question

Defused's observation that the CVE-2026-25089 exploit may be "vibe coded" is both intriguing and concerning. The term, borrowed from developer slang, implies that the exploit was written quickly, possibly by reverse-engineering the patch or adapting proof-of-concept code, and may contain logic errors or incomplete payloads.

If true, this suggests that the attackers are working without access to a polished, weaponized tool - yet they are still achieving successful exploitation. That speaks to the exploitability of the underlying flaw: even a rough, error-prone exploit can succeed when the vulnerability is severe enough. It also raises the possibility that a more sophisticated, stable exploit will emerge in the coming weeks as researchers and adversaries refine their tooling.

Looking Ahead

The FortiSandbox exploitation cluster is the latest reminder that the window between patch release and active exploitation continues to shrink. Vendors can no longer assume that "no known exploitation" at the time of disclosure will hold for more than a few days, especially when CVSS scores breach 9.0 and the affected products sit at the network edge.

For Fortinet, the challenge is not merely technical - it is reputational and operational. The vendor's products are ubiquitous in enterprise and service-provider networks across Asia-Pacific, Europe, and North America. Each new wave of exploitation erodes customer confidence and invites regulatory scrutiny, particularly in jurisdictions where critical-infrastructure operators face mandatory disclosure and patching timelines.

At DailyTechWire, we expect to see continued targeting of Fortinet appliances through the remainder of 2026, driven by the vendor's large installed base, the availability of exploit code for older CVEs, and the operational value that compromised security appliances offer to ransomware and APT groups. Defenders should treat Fortinet advisories as time-sensitive, prioritize patching for internet-facing devices, and assume that any critical vulnerability will be weaponized within days, not weeks.