Security NEXTJuly 18, 2026🇯🇵Translated from Japanese

CISA Adds Three Exploited Vulnerabilities in FortiSandbox and SharePoint to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three vulnerabilities that are being actively exploited in the wild to its Known Exploited Vulnerabilities (KEV) catalog.

Two of the flaws affect Fortinet FortiSandbox, a malware analysis and sandboxing solution. The vulnerabilities, identified as CVE-2026-39808 and CVE-2026-25089, are OS command injection issues. Attackers can exploit them by sending specially crafted HTTP requests, allowing unauthenticated remote execution of arbitrary commands or code. The CVE-2026-25089 flaw also impacts FortiSandbox Cloud and FortiSandbox PaaS deployments.

The third vulnerability, CVE-2026-58644, affects Microsoft SharePoint. It arises from improper deserialization of untrusted data and can enable remote code execution over the network.

Public advisories for the FortiSandbox issues were published in April and June 2026. CISA’s July 16, 2026 update emphasizes that these vulnerabilities are already being used in real-world attacks, increasing the urgency for organizations to apply patches and implement recommended mitigations.