<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-03T13:31:16.216212+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/980d8e1d-db16-4835-b8da-1e612054ae39/export</id>
    <title>980d8e1d-db16-4835-b8da-1e612054ae39</title>
    <updated>2026-07-03T13:31:16.238795+00:00</updated>
    <author>
      <name>Joseph Lee</name>
      <uri>https://cve.circl.lu/user/syspect</uri>
    </author>
    <content>{"uuid": "980d8e1d-db16-4835-b8da-1e612054ae39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-39813", "type": "seen", "source": "https://www.acn.gov.it/portale/w/fortibleed-esposizione-di-credenziali-ssl-vpn-associate-a-dispositivi-fortinet-esposti-su-internet", "content": "", "creation_timestamp": "2026-06-25T16:45:18.106835Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/980d8e1d-db16-4835-b8da-1e612054ae39/export"/>
    <published>2026-06-25T16:45:18.106835+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/a0920e0f-45fb-4b2c-a223-5cea86446478/export</id>
    <title>a0920e0f-45fb-4b2c-a223-5cea86446478</title>
    <updated>2026-07-03T13:31:16.241316+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "a0920e0f-45fb-4b2c-a223-5cea86446478", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39813", "type": "seen", "source": "https://bsky.app/profile/termsofsurrender.bsky.social/post/3mozmerczap26", "content": "FortiSandbox Gets Rooted While Everyone Stares at the Dashboard\nPANIC 88% | Lag 0.0h | Threat actors are chaining multiple FortiSandbox vulnerabilities, including CVE-2026-39813, to achie\n#AfterShockIndex\nREAD MORE", "creation_timestamp": "2026-06-24T09:34:36.994844Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/a0920e0f-45fb-4b2c-a223-5cea86446478/export"/>
    <published>2026-06-24T09:34:36.994844+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/f54d31f8-c97a-4b5c-8f29-3e57aa0f4dc3/export</id>
    <title>f54d31f8-c97a-4b5c-8f29-3e57aa0f4dc3</title>
    <updated>2026-07-03T13:31:16.242903+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "f54d31f8-c97a-4b5c-8f29-3e57aa0f4dc3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39813", "type": "seen", "source": "https://bsky.app/profile/netsecio.bsky.social/post/3moy45riuqj2r", "content": "\ud83d\udea8 ACTIVE EXPLOITATION: Threat actors are chaining three FortiSandbox vulnerabilities (CVE-2026-39813, et al.) for unauthenticated RCE and full root takeover. Patch immediately to prevent sandbox compromise. #infosec #vulnerability #fortinet\n\n\ud83c\udf10 cyber[.]netsecops[.]io", "creation_timestamp": "2026-06-23T19:11:43.599864Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/f54d31f8-c97a-4b5c-8f29-3e57aa0f4dc3/export"/>
    <published>2026-06-23T19:11:43.599864+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/18c2e061-a8bb-4b62-9bd4-8eac927684dc/export</id>
    <title>18c2e061-a8bb-4b62-9bd4-8eac927684dc</title>
    <updated>2026-07-03T13:31:16.243033+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "18c2e061-a8bb-4b62-9bd4-8eac927684dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39813", "type": "seen", "source": "https://mastodon.social/ap/users/115426718704364579/statuses/116801003102879891", "content": "\ud83d\udcf0 FortiSandbox Vulnerabilities Chained for Root-Level Takeover, Active Exploits in Wild\n\ud83d\udea8 ACTIVE EXPLOITATION: Threat actors are chaining three FortiSandbox vulnerabilities (CVE-2026-39813, et al.) for unauthenticated RCE and full root takeover. Patch immediately to prevent sandbox compromise. #infosec #vulnerability #fortinet\n\ud83c\udf10 cyber[.]netsecops[.]io\n\ud83d\udd17 https://cyber.netsecops.io/articles/exploitation-of-multiple-fortisandbox-vulnerabilities-observed-in-the-wild/?u\u2026", "creation_timestamp": "2026-06-23T19:11:13.178159Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/18c2e061-a8bb-4b62-9bd4-8eac927684dc/export"/>
    <published>2026-06-23T19:11:13.178159+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/763179c3-4ff4-4217-8118-af50c0c8823c/export</id>
    <title>763179c3-4ff4-4217-8118-af50c0c8823c</title>
    <updated>2026-07-03T13:31:16.243144+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "763179c3-4ff4-4217-8118-af50c0c8823c", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39813", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/5c9f9de2-5560-4056-9ed6-937928435f16", "content": "", "creation_timestamp": "2026-06-23T14:02:57.186992Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/763179c3-4ff4-4217-8118-af50c0c8823c/export"/>
    <published>2026-06-23T14:02:57.186992+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/46f20f95-755f-4bd9-98bd-4c9ec910523e/export</id>
    <title>46f20f95-755f-4bd9-98bd-4c9ec910523e</title>
    <updated>2026-07-03T13:31:16.243243+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "46f20f95-755f-4bd9-98bd-4c9ec910523e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39813", "type": "seen", "source": "https://bsky.app/profile/insomnisec.bsky.social/post/3movslpmknz27", "content": "\ud83d\udce1 Fortinet FortiSandbox: Three Critical Vulnerabilities Under Active Attack (CVE-2026-39808, CVE-2026-39813, CVE-2026-25089)", "creation_timestamp": "2026-06-22T21:15:13.766298Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/46f20f95-755f-4bd9-98bd-4c9ec910523e/export"/>
    <published>2026-06-22T21:15:13.766298+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/5dd3aec4-213e-4fac-892b-bb87bd00054c/export</id>
    <title>5dd3aec4-213e-4fac-892b-bb87bd00054c</title>
    <updated>2026-07-03T13:31:16.243340+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "5dd3aec4-213e-4fac-892b-bb87bd00054c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39813", "type": "seen", "source": "https://bsky.app/profile/boredchilada.bsky.social/post/3movomuqbyi2d", "content": "~Checkpoint~\nWeekly threat intel highlights FortiSandbox &amp;amp; Splunk zero-days, AI agent exploits, and major breaches at Texas Parks &amp;amp; Klue.\n-\nIOCs: CVE-2026-39813, CVE-2026-50656, CVE-2026-20253\n-\n#DataBreach #ThreatIntel #Vulnerabilities", "creation_timestamp": "2026-06-22T20:04:17.765442Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/5dd3aec4-213e-4fac-892b-bb87bd00054c/export"/>
    <published>2026-06-22T20:04:17.765442+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/af725c7f-579d-41eb-af3e-b14bf1991b6e/export</id>
    <title>af725c7f-579d-41eb-af3e-b14bf1991b6e</title>
    <updated>2026-07-03T13:31:16.243437+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "af725c7f-579d-41eb-af3e-b14bf1991b6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39813", "type": "seen", "source": "https://bsky.app/profile/trinacriatech.bsky.social/post/3mov6psbc7s26", "content": "FortiSandbox 3 CVE in exploitation ITW: CVE-2026-39813 (CVSS 9.8, auth bypass JRPC API) + CVE-2026-39808 (OS cmd injection, PoC pubblico aprile). FortiSandbox = verdict-engine di FortiGate/FortiMail/FortiWeb. Fix: 5.0.6/4.4.9 #Fortinet", "creation_timestamp": "2026-06-22T15:19:35.858005Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/af725c7f-579d-41eb-af3e-b14bf1991b6e/export"/>
    <published>2026-06-22T15:19:35.858005+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/c7ba5925-4141-4910-8787-141aa7948ddf/export</id>
    <title>c7ba5925-4141-4910-8787-141aa7948ddf</title>
    <updated>2026-07-03T13:31:16.243530+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "c7ba5925-4141-4910-8787-141aa7948ddf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39813", "type": "seen", "source": "https://bsky.app/profile/aegisbot.bsky.social/post/3moutld5gaj27", "content": "\ud83d\udd0d Top signals this week:\n\nCVEs: CVE-2026-20262, CVE-2026-35273, CVE-2026-39813, CVE-2026-48558, CVE-2026-50656\nActors: Ransomware, Apt, Play\n\nFull intel: https://matlock.ca/cybersecnews", "creation_timestamp": "2026-06-22T12:00:28.111725Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/c7ba5925-4141-4910-8787-141aa7948ddf/export"/>
    <published>2026-06-22T12:00:28.111725+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/7941c546-51f3-4396-90a7-b5651dd3390f/export</id>
    <title>7941c546-51f3-4396-90a7-b5651dd3390f</title>
    <updated>2026-07-03T13:31:16.243629+00:00</updated>
    <author>
      <name>Alexandre Dulaunoy</name>
      <uri>https://cve.circl.lu/user/adulau</uri>
    </author>
    <content>{"uuid": "7941c546-51f3-4396-90a7-b5651dd3390f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2026-39813", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/fee93255-19dd-4e3c-b8ea-5c30109a62bf", "content": "", "creation_timestamp": "2026-06-22T10:49:37.461078Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/7941c546-51f3-4396-90a7-b5651dd3390f/export"/>
    <published>2026-06-22T10:49:37.461078+00:00</published>
  </entry>
</feed>
