Free practical cybersecurity guidance for organisations without a security team.
hello@actionsoncyber.com
← Back to Vulnerability Briefs

Critical Security Flaw Found in Fortinet FortiSandbox Software

A serious security weakness has been found in certain versions of Fortinet FortiSandbox software that could let attackers run harmful commands on affected systems. This matters because FortiSandbox is used to protect networks, and if compromised, it could lead to unauthorised access or damage.

17 June 2026

Reference: CVE-2026-39808

1. What is being reported?

Security experts have discovered a critical vulnerability in Fortinet FortiSandbox versions 4.4.0 through 4.4.8. This flaw allows attackers to inject and execute commands on the system without permission, potentially taking control or causing harm.

2. What this means in plain English

If your organisation uses FortiSandbox in these versions, attackers might exploit this weakness to access your network or disrupt your services. This could lead to data loss, downtime, or other security issues.

3. Could this affect a small business?

Small businesses or charities using Fortinet FortiSandbox versions 4.4.0 to 4.4.8 could be at risk. If you do not use this software, or use a different version, you are likely not affected.

4. What to do now

  • Check if your organisation uses Fortinet FortiSandbox software, and note the version number.
  • If you use versions 4.4.0 through 4.4.8, contact your IT provider or software supplier immediately to arrange for an update or patch.
  • Ensure your security software and systems are regularly updated to reduce risks from vulnerabilities.
  • Monitor your systems for unusual activity and report any concerns to your IT support.

5. Ask your IT provider

Can you confirm if our Fortinet FortiSandbox software is affected by CVE-2026-39808, and if so, have the necessary patches been applied to protect us from this critical vulnerability?

6. Bottom line

If you use Fortinet FortiSandbox versions 4.4.0 to 4.4.8, act quickly to update and protect your organisation from this serious security risk.

Information based on CISA KEV, NVD, and reputable security reporting.

Back to Vulnerability Briefs