Source: International Business Times
CISA confirmed on July 16, 2026, that two critical command injection flaws in Fortinet's FortiSandbox threat-analysis platform are being actively exploited in real-world attacks. Federal civilian agencies have until Sunday, July 19 to apply vendor patches or pull affected systems offline entirely. What makes the window this narrow is what FortiSandbox actually is: not a web application or a management console, but the appliance that delivers threat verdicts to every other product in an organization's Fortinet security stack — firewalls, email gateways, endpoint agents, SIEMs, and automated response platforms all trust its output.
Go to Source
Related News