Patch these critical Fortinet sandbox bugs that let attackers bypass login, run commands over HTTP

CVE-2026-39808 is an OS command injection flaw in FortiSandbox that allows unauthenticated attackers to execute unauthorized ...
SecurityWeek

Fortinet Patches Critical FortiSandbox Vulnerabilities

Fortinet patched 27 vulnerabilities, including two critical FortiSandbox flaws leading to authentication bypass and code ...
Business Insider

Fortinet’s Newest Sandbox Solution Recommended by NSS LabsThe FortiSandbox 2000E Excels in the Latest Breach Detection System Test, Earning Fortinet’s Fourth-Consecutive ...

John Maddison, senior vice president of products and solutions at Fortinet “Cybercriminals are evolving new attack strategies at an alarming rate and creating a situation in which the time from breach ...
Bleeping Computer

Fortinet confirms silent patch for FortiWeb zero-day exploited in attacks

Fortinet has confirmed that it has silently patched a critical zero-day vulnerability in its FortiWeb web application firewall, which is now "massively exploited in the wild." The flaw was silently ...
Bleeping Computer

Fortinet warns of 5-year-old FortiOS 2FA bypass still exploited in attacks

Fortinet has warned customers that threat actors are still actively exploiting a critical FortiOS vulnerability that allows them to bypass two-factor authentication (2FA) when targeting vulnerable ...
TechRadar

Fortinet FortiGate devices hit in automated attacks which create rogue accounts and steal firewall data

Hackers exploit Fortinet FortiGate SSO bug to steal firewall configuration data FortiOS 7.4.10 patch incomplete; new versions planned to fully fix vulnerability Stolen firewall data exposes network ...