Security · 2h ago
FortiSandbox flaws actively exploited; CISA orders patching
Attackers are exploiting critical command injection vulnerabilities in Fortinet's FortiSandbox, prompting CISA to add the flaws to its exploited list. The bugs allow remote code execution without authentication. Fortinet has released patches, and CISA urges federal agencies to apply them by August 7.
Meridian48 take
The CISA order underscores the severity, but the real story is how quickly these flaws went from disclosure to active exploitation—a reminder that patching windows are shrinking.
Read the full reporting
Attackers target critical FortiSandbox flaws as CISA issues patch order →
The Register
fortinetcisa