What Happened
SOCRadar has detected 30,000 compromised Fortinet firewalls that expose networks to hacking. The post "3 Recently Patched Fortinet FortiSandbox Vulnerabilities in Hacker Crosshairs" appeared first on SecurityWeek.
Why It Matters
The article reports that attackers are actively targeting three recently patched Fortinet FortiSandbox vulnerabilities (CVE-2026-39813, CVE-2026-39808, CVE-2026-25089), and that SOCRadar has observed roughly 30,000 compromised Fortinet firewalls exposed to hacking.[1][3] These flaws include path traversal in the JRPC API for authentication bypass and multiple OS command injection issues that allow unauthenticated remote code or command execution via crafted HTTP requests.[2][3] For AI-enabled organizations that rely on Fortinet appliances as part of their network security stack, this represents an AI supply chain risk because compromise of FortiSandbox—which other Fortinet products depend on for threat verdicts and automated blocking—can undermine upstream protections and any AI/ML-driven detection relying on those signals.[3] CyberSE.AI analysis: organizations should inventory Fortinet components in their AI infrastructure perimeter, rapidly apply the Fortinet patches, and incorporate vendor security posture and patch responsiveness into SBOM-driven AI supply chain governance to prevent corrupted security telemetry or control channels from cascading into AI agents and automated de
CyberSE Analysis
This signal maps to AI supply chain. Organizations using AI agents, LLM APIs, SaaS integrations, or sensitive data workflows should review whether this class of issue could create unauthorized tool execution, data leakage, weak approval gates, or unmanaged supply-chain exposure.
Recommended Actions
- Restrict AI agent tool permissions and production write paths.
- Review sensitive data access across prompts, logs, embeddings, memory, and SaaS integrations.
- Add human approval workflows for high-impact or state-changing actions.
- Run prompt injection and indirect prompt injection tests against affected workflows.
- Document the owner, control gap, and remediation deadline for this risk class.