FortiSandbox Is Back on CISA's Exploited List, and This Time Feds Get Four Days. We Started the Fortinet Clock in May. It Already Ran Out.
- Patrick Duggan
- 1 hour ago
- 3 min read
On July 15, CISA added two Fortinet FortiSandbox vulnerabilities to its Known Exploited Vulnerabilities catalog and gave federal agencies until Sunday, July 19, to patch under Binding Operational Directive 26-04. Four days. FortiSandbox is the appliance that is supposed to detonate suspicious files in a safe container so they never reach your users. Two ways into it now let an unauthenticated attacker run code on the box itself.
What the two flaws are
Both are command-injection bugs, both unauthenticated, both low complexity, both ending in remote code execution:
CVE-2026-39808, patched by Fortinet on April 14, 2026.
CVE-2026-25089, patched on June 9, 2026.
The threat-intelligence firm Defused reported on June 16 that attackers were already abusing these in the wild, alongside a third, CVE-2026-39813. So the exploitation predates the KEV listing by a month, and the patches predate it by two to three. The gap between "Fortinet shipped the fix" and "CISA made it mandatory" is where the exposed boxes lived, and some of them got hit inside that window.
Why this one stings
FortiSandbox sits at a trust chokepoint. It is the thing you point untrusted files at on purpose. Code execution on the sandbox gives an attacker a foothold inside the appliance whose entire job is to handle hostile input, with visibility into what your other controls are flagging and a quiet position to work from. An edge box that fails open is bad. A malware-analysis box that fails open hands the attacker the room where you inspect their own tools.
We have been on this exact pipeline since May
We are going to be plain about the receipts and plain about the gap. These two specific CVEs are new to our coverage. We have been tracking the pattern behind them since May.
On May 13 we published a Fortinet post that started a clock, tracking how long a pre-auth RCE in a Fortinet edge box takes to travel from quiet patch to CISA mandate. On May 16 we watched that clock collapse to zero when CISA KEV'd CVE-2026-24858 the same week Fortinet patched its siblings. On May 30 we wrote that the perimeter vendors were shipping the bleed, with FortiClient EMS and PAN-OS GlobalProtect each turning their own product into the doorway. FortiSandbox is the same story with a different model number. Patched quietly, exploited in the wild, then dragged onto the KEV list with the shortest fuse yet.
The clock we started in May was a way to measure how fast this happens. For FortiSandbox the measurement is already done. Exploitation since June, KEV on July 15, deadline July 19. The lag that used to be sixty days is now a weekend.
What to do before Sunday
If you run FortiSandbox, upgrade to the latest released version today and treat any box you cannot patch by Sunday as presumed reachable. Pull it off the public internet if you can, and put management interfaces behind a VPN or an allowlist rather than exposing them. Hunt your appliance logs for command execution and outbound connections that a sandbox has no business making. Because both bugs are pre-authentication, there is no credential to rotate and no account to lock. The only real control is the patch and the network path to the box. Federal agencies have a Sunday deadline. Everyone else has the same threat and no one setting one for them, which historically has meant the private-sector boxes stay exposed the longest.
We cap our certainty at 95 percent, and the missing five points on this one are about scope. Fortinet and CISA have named the flaws and confirmed exploitation. Neither has published the full count of appliances hit before the patches landed, and that number is the one that would tell you how bad the quiet window really was.
Every indicator in this post is in the feed. Free.
1.58M+ IOCs, STIX 2.1 / TAXII, 88% novel vs ThreatFox, exploited-CVE leads ahead of CISA. No credit card — a free API key in 30 seconds, and you can audit every claim above against the live endpoints.
