Fortinet has released critical patches for two vulnerabilities in FortiSandbox that allow unauthenticated attackers to bypass authentication or execute code remotely. CVE-2026-39808 (OS command injection, CVSS 9.1) and CVE-2026-39813 (path traversal auth bypass, CVSS 9.1) affect versions 4.4.0–4.4.8 and 5.0.0–5.0.5 respectively. Public exploits are available and exploitation is likely imminent.
Patch these critical Fortinet sandbox bugs that let attackers bypass login, run commands over HTTP
Fortinet's FortiSandbox has two critical flaws (CVSS 9.1) enabling unauthenticated remote code execution and auth bypass across widely deployed versions, with public exploits and active exploitation already underway.
Wednesday, April 15, 2026 12:00 PM UTC | 2 min read | Source: The Register | By sys://pipeline