Several critical vulnerabilities in Fortinet FortiSandbox (CVE-2026-39813, CVE-2026-39808, and CVE-2026-25089) have been exploited in the wild as of June 2026. These vulnerabilities enable unauthenticated remote code execution and privilege escalation through low-complexity command injection attacks requiring no user interaction. Fortinet issued security updates on April 14, 2026, to address these flaws. Exploitation has been observed within 24 hours of the report, with some exploits newly observed and others likely faulty or not publicly disclosed. Fortinet has a history of vulnerabilities exploited in ransomware and espionage campaigns. Additional related vulnerabilities in FortiClient EMS and FortiSandbox have also been patched recently. No vendor advisory or patch links were provided in the input, but Fortinet's April 2026 updates are referenced as the remediation.

Successful exploitation allows unauthenticated attackers to remotely execute arbitrary code and escalate privileges on FortiSandbox systems. This can lead to full system compromise, enabling attackers to bypass security controls and potentially facilitate further attacks such as ransomware deployment or espionage. The vulnerabilities require no user interaction and have low complexity for exploitation, increasing the risk of widespread impact on unpatched systems.

Fortinet released official security updates on April 14, 2026, addressing these critical vulnerabilities. Administrators should promptly upgrade affected FortiSandbox deployments to the latest patched versions to block ongoing attacks. Since this is an on-premises product, remediation depends on applying these updates. Patch status is confirmed by Fortinet's advisory referenced in the source content. No additional mitigations or workarounds are indicated in the provided data.