Two critical vulnerabilities in FortiSandbox (CVE-2026-39813 and CVE-2026-39808, both CVSS 9.8) allow unauthenticated attackers to bypass authentication and execute arbitrary code via specially crafted HTTP requests.
Two vulnerabilities (CVE-2026-39813, CVE-2026-39808) in FortiSandbox could be leveraged by unauthenticated attackers to bypass authentication and execute unauthorized code or commands on vulnerable systems. Both vulnerabilities can be triggered with a specially crafted HTTP request, putting unpatched FortiSandbox deployments at risk. About FortiSandbox FortiSandbox is Fortinet’s security solution for detecting and analyzing advanced threats. It does so by detonating suspicious files and URLs in an isolated environment and returning verdicts. Other Fortinet products – firewalls, … More → The post Fortinet fixes critical FortiSandbox vulnerabilities (CVE-2026-39813, CVE-2026-39808) appeared first on Help Net Security .