Threat actors are actively exploiting several high-severity vulnerabilities affecting Fortinet, Cisco, and LiteSpeed cPanel Plugin products.
Threat intelligence company Defused reported that hackers are targeting three critical flaws in Fortinet's FortiSandbox platform. The vulnerabilities, tracked as CVE-2026-39813, CVE-2026-39808, and CVE-2026-25089, were patched by Fortinet on April 14. If exploited, the flaws could allow attackers to gain elevated privileges and execute code remotely without user interaction.
“We are observing exploitation of multiple Fortinet FortiSandbox vulnerabilities during the past 24 hours, including: CVE-2026-39813 (no previous recorded exploitation), CVE-2026-39808, CVE-2026-25089 (vibecoded, likely faulty exploit),” Defused said in a post on X. “Per our research a working exploit for CVE-2026-25089 has not yet been publicly disclosed.”
Customers are strongly advised to update affected systems to the latest versions to protect against attacks. The company also previously warned that another flaw (CVE-2025-61624) had been exploited in the wild. The vulnerability could allow privilege escalation but requires attackers to already have high-level access.
Meanwhile, Cisco has released patches for CVE-2026-20262, a zero-day vulnerability affecting Catalyst SD-WAN Manager, formerly known as SD-WAN vManage. The flaw could allow low-privilege attackers to execute commands with root privileges by sending specially crafted HTTP requests.
Cisco confirmed that the vulnerability was actively exploited earlier this month and strongly advised customers to install security updates. The company has also shared indicators of compromise (IoCs), including suspicious uploads of index.jsp and .war files, which administrators should check for in system logs.
Also, the US cybersecurity agency CISA has flagged a vulnerability (CVE-2026-54420) in LiteSpeed cPanel Plugin as actively exploited. The issue allows a user with FTP or web shell access to escalate privileges to root on shared hosting servers running CloudLinux or CageFS.