Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week

Attackers are actively exploiting three Fortinet FortiSandbox vulnerabilities: CVE-2026-39813, CVE-2026-39808, and CVE-2026-25089. All three carry a CVSS score of 9.1. Fortinet patched the first two in April 2026 and fixed CVE-2026-25089 last week. The exploit for CVE-2026-25089 appears AI-developed but is faulty, with no working exploit publicly disclosed.