LeakyCreds

CVE-2026-39808 - Vulnerability Analysis

Critical | CVSS: 9.8

Last Updated: April 14, 2026

Fortinet FortiSandbox - Command Injection

Published: April 14, 2026 | Updated: April 14, 2026 | PoC Available | Remote Exploitable

Overview

Fortinet FortiSandbox 4.4.0 through 4.4.8 contains a command injection vulnerability caused by improper neutralization of special elements in OS commands. It lets attackers execute unauthorized code or commands; exploitation requires crafted input.

Severity & Score

Severity: Critical
CVSS Score: 9.8
EPSS Score: 1309.9% (Probability of exploitation in next 30 days)

Impact

Attackers can execute arbitrary code or commands, potentially leading to full system compromise.

Mitigation

Update to a version later than 4.4.8 or the latest available version.

Social Media Activity (1 post)

ZEN SecDB
@secdb
May 1, 2026

📈 CVE Published in last 30 days (2026-04-01 - 2026-05-01)
See more at https://secdb.nttzen.cloud/dashboard

Total CVEs: 5807

Severity:
- Critical: 515
- High: 2106
- Medium: 2394
- Low: 573
- None: 219

Status:
- : 86
- Analyzed: 3144
- Awaiting Analysis: 825
- Deferred: 1513
- Modified: 111
- Received: 17
- Rejected: 55
- Undergoing Analysis: 56

Top CNAs:
- GitHub, Inc.: 1234
- VulDB: 776
- VulnCheck: 528
- MITRE: 411
- kernel.org: 380
- Wordfence: 301
- Patchstack: 217
- Microsoft Corporation: 181
- Chrome: 145
- Oracle: 102

Top Affected Products:
- UNKNOWN: 2561
- Linux Kernel: 247
- Openclaw: 156
- Google Chrome: 139
- Microsoft Windows Server 2025: 118
- Microsoft Windows Server 2022 23h2: 116
- Microsoft Windows 11 24h2: 115
- Microsoft Windows 11 25h2: 115
- Microsoft Windows 11 26h1: 114
- Microsoft Windows Server 2022: 111

Top EPSS Score:
- CVE-2026-34197 - 65.07 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-34197)
- CVE-2026-39987 - 55.21 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-39987)
- CVE-2026-35616 - 41.37 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-35616)
- CVE-2026-2262 - 29.11 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2262)
- CVE-2026-2699 - 23.78 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2699)
- CVE-2026-29014 - 17.07 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-29014)
- CVE-2026-3396 - 16.99 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3396)
- CVE-2026-35029 - 13.30 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-35029)
- CVE-2026-38834 - 13.21 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-38834)
- CVE-2026-39808 - 11.27 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-39808)


Details

CVE ID: CVE-2026-39808
Severity: Critical
CVSS Score: 9.8
Type: command_injection
Status: new
EPSS: 1309.9%
Nuclei: Available
Social Posts: 1

CWE

  • CWE-78

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

1309.9% (Probability of exploitation in the next 30 days)
