Signal
CISA mandates urgent patch for actively exploited critical FortiSandbox vulnerabilities
Evidence first: scan the strongest sources, then decide whether to go deeper.
Published 2026-07-17 09:45 UTCUpdated 2026-07-17 20:08 UTC
rss
cveexploitssecurity_advisoryincident_response
Trend in the last 24h
Current brief openSource links open
This current signal is open on the public brief with summary, metadata, source links, and full evidence. Pro adds compare-over-time, alerts, exports, and workflow.
No card needed for the free brief.
Evidence trail (top sources)
top sources (3 domains)domains are deduped. counts indicate coverage, not truth.3 top sources shown
Overview
The Cybersecurity and Infrastructure Security Agency (CISA) has added two critical FortiSandbox vulnerabilities, CVE-2026-39808 and CVE-2026-25089, to its Known Exploited Vulnerabilities catalog following evidence of active exploitation.
Entities
FortinetCISAFortiSandbox
Score total
1.06
Momentum 24h
3
Posts
3
Origins
3
Source types
1
Duplicate ratio
0%
Why now
- CISA has just added these bugs to its Known Exploited Vulnerabilities catalog.
- Federal agencies have a tight deadline (July 19) to patch these critical flaws.
- Active exploitation evidence means organizations must prioritize immediate remediation.
Why it matters
- These vulnerabilities allow attackers to execute commands without authentication, risking full system compromise.
- FortiSandbox is critical for malware analysis; exploitation could enable deeper network intrusions.
- CISA's mandate highlights the urgency and severity of these actively exploited flaws.
LLM analysis
Topic mix: lowPromo risk: lowSource quality: medium
Recurring claims
- Two critical FortiSandbox vulnerabilities allow unauthenticated remote code execution via HTTP requests.
- CISA added these vulnerabilities to its Known Exploited Vulnerabilities catalog and mandated patching by July 19 for federal agencies.
How sources frame it
- The Register Security: neutral
All evidence
All evidence
The Register Security
theregister.com · theregister.com · 2026-07-17 11:58 UTC
CISA Adds FortiSandbox Bugs to KEV Catalog
BankInfoSecurity · bankinfosecurity.com · 2026-07-17 20:08 UTC
CISA Mandates Urgent Patch for Actively Exploited Critical Fortinet Vulnerabilities
Infosecurity Magazine · infosecurity-magazine.com · 2026-07-17 09:45 UTC
Show filters & breakdown
Posts loaded: 0Publishers: 3Origin domains: 3Duplicates: -
Showing 3 / 0
Top publishers (this list)
- theregister.com (1)
- BankInfoSecurity (1)
- Infosecurity Magazine (1)
Top origin domains (this list)
- theregister.com (1)
- bankinfosecurity.com (1)
- infosecurity-magazine.com (1)