Close Menu

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    Review of Federal Institutions’ Disclosures of Information under the Security of Canada Information Disclosure Act in 2023

    July 19, 2026

    HackTheBox Logging

    July 18, 2026

    CISA urges immediate action on actively exploited Fortinet flaws

    July 18, 2026
    Facebook X (Twitter) Instagram
    • Demos
    • Technology
    • Gaming
    • Buy Now
    Facebook X (Twitter) Instagram Pinterest Vimeo
    Canadian Cyber WatchCanadian Cyber Watch
    • Home
    • News
    • Alerts
    • Tips
    • Tools
    • Industry
    • Incidents
    • Events
    • Education
    Subscribe
    Canadian Cyber WatchCanadian Cyber Watch
    Home»News»CISA urges immediate action on actively exploited Fortinet flaws
    News

    CISA urges immediate action on actively exploited Fortinet flaws

    adminBy adminJuly 18, 2026No Comments2 Mins Read
    Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
    Share
    Facebook Twitter LinkedIn Pinterest Email


    Fortinet

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday ordered government agencies to prioritize patching two actively exploited vulnerabilities in the Fortinet FortiSandbox threat detection platform.

    These two critical-severity security flaws (tracked as CVE-2026-39808 and CVE-2026-25089) were addressed by Fortinet on April 14 and June 9, respectively.

    As the company detailed in security advisories issued at the time, successful exploitation allows unauthenticated threat actors to execute unauthorized code remotely through low-complexity command injection attacks that require no user interaction.

    image

    To resolve these issues and block incoming attacks, admins must upgrade all affected deployments to the latest released versions.

    While Fortinet has yet to tag these two vulnerabilities as used in attacks, and has not yet replied to BleepingComputer’s emails regarding in-the-wild exploitation, threat intelligence company Defused revealed on June 16 that attackers had started abusing them in the wild.

    “We are observing exploitation of multiple Fortinet FortiSandbox vulnerabilities during the past 24 hours, including: CVE-2026-39813 (no previous recorded exploitation), CVE-2026-39808, CVE-2026-25089 (vibecoded, likely faulty exploit),” Defused warned.

    On Thursday, CISA also confirmed that the flaws are actively exploited in the wild, adding them to its catalog of known exploited vulnerabilities. As mandated by Binding Operational Directive (BOD) 26-04, U.S. federal agencies must patch vulnerable FortiSandbox instances by Sunday, July 19.

    In February, Fortinet also patched a critical SQL injection vulnerability (CVE-2026-21643) in the FortiClient Enterprise Management Server (EMS) platform, which Defused flagged ​​​​ as actively exploited one month later.

    Two months later, the company addressed another security issue exploited in attacks: a path traversal vulnerability (CVE-2025-61624) that can allow authenticated attackers to escalate privileges.

    Fortinet vulnerabilities are often exploited in cyber espionage campaigns and in ransomware attacks (often as zero-days). In total, CISA tracks 28 Fortinet vulnerabilities that have been exploited in attacks in recent years, 13 of which have also been abused in ransomware attacks.


    article image

    Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.

    The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

    Get the whitepaper



    Source link

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    Previous ArticleUS charges two over laundering $43 million from investment fraud
    Next Article HackTheBox Logging
    admin
    • Website

    Related Posts

    News

    Review of Federal Institutions’ Disclosures of Information under the Security of Canada Information Disclosure Act in 2023

    July 19, 2026
    News

    US charges two over laundering $43 million from investment fraud

    July 18, 2026
    News

    The Future of Age Verification: Your Face Never Leaves Your Device

    July 18, 2026
    Add A Comment

    Comments are closed.

    Demo
    Top Posts

    Catchy & Intriguing

    March 17, 202677 Views

    The Canadian Password Playbook: Navigating Compliance and Building Strong Passwords

    March 25, 202634 Views

    IP Address Investigations and Local OSINT

    March 20, 202634 Views
    Stay In Touch
    • Facebook
    • YouTube
    • TikTok
    • WhatsApp
    • Twitter
    • Instagram
    Latest Reviews
    85
    Featured

    Pico 4 Review: Should You Actually Buy One Instead Of Quest 2?

    January 15, 2021 Featured
    8.1
    Uncategorized

    A Review of the Venus Optics Argus 18mm f/0.95 MFT APO Lens

    January 15, 2021 Uncategorized
    8.9
    Editor's Picks

    DJI Avata Review: Immersive FPV Flying For Drone Enthusiasts

    January 15, 2021 Editor's Picks

    Subscribe to Updates

    Get the latest tech news from FooBar about tech, design and biz.

    Demo
    Most Popular

    Catchy & Intriguing

    March 17, 202677 Views

    The Canadian Password Playbook: Navigating Compliance and Building Strong Passwords

    March 25, 202634 Views

    IP Address Investigations and Local OSINT

    March 20, 202634 Views
    Our Picks

    Review of Federal Institutions’ Disclosures of Information under the Security of Canada Information Disclosure Act in 2023

    July 19, 2026

    HackTheBox Logging

    July 18, 2026

    CISA urges immediate action on actively exploited Fortinet flaws

    July 18, 2026

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    Facebook X (Twitter) Instagram Pinterest
    • Home
    • Technology
    • Gaming
    • Phones
    • Buy Now
    © 2026 ThemeSphere. Designed by ThemeSphere.

    Type above and press Enter to search. Press Esc to cancel.