17 June 2026
Reference: CVE-2026-39808
1. What is being reported?
Security experts have discovered a critical vulnerability in Fortinet FortiSandbox versions 4.4.0 through 4.4.8. This flaw allows attackers to inject and execute commands on the system without permission, potentially taking control or causing harm.
2. What this means in plain English
If your organisation uses FortiSandbox in these versions, attackers might exploit this weakness to access your network or disrupt your services. This could lead to data loss, downtime, or other security issues.
3. Could this affect a small business?
Small businesses or charities using Fortinet FortiSandbox versions 4.4.0 to 4.4.8 could be at risk. If you do not use this software, or use a different version, you are likely not affected.
4. What to do now
- Check if your organisation uses Fortinet FortiSandbox software, and note the version number.
- If you use versions 4.4.0 through 4.4.8, contact your IT provider or software supplier immediately to arrange for an update or patch.
- Ensure your security software and systems are regularly updated to reduce risks from vulnerabilities.
- Monitor your systems for unusual activity and report any concerns to your IT support.
5. Ask your IT provider
Can you confirm if our Fortinet FortiSandbox software is affected by CVE-2026-39808, and if so, have the necessary patches been applied to protect us from this critical vulnerability?
6. Bottom line
If you use Fortinet FortiSandbox versions 4.4.0 to 4.4.8, act quickly to update and protect your organisation from this serious security risk.
Information based on CISA KEV, NVD, and reputable security reporting.