CVE-2026-39813 - Vulnerability Analysis
Critical | CVSS: 9.8 | Last Updated: April 14, 2026
Fortinet FortiSandbox - Path Traversal
Overview
Fortinet FortiSandbox 5.0.0 through 5.0.5 and 4.4.0 through 4.4.8 contain a path traversal vulnerability caused by improper input validation. An attacker can escalate privileges by sending crafted requests that contain path traversal sequences.
Severity & Score
Impact
Attackers can escalate privileges by exploiting path traversal to access unauthorized files or system components.
Mitigation
Update to a FortiSandbox release later than 5.0.5 (5.0 branch) or 4.4.8 (4.4 branch).
Social Media Activity (1 post)
Fortinet Reports Critical Unauthenticated Vulnerabilities in FortiSandbox Platform
Fortinet reports two critical vulnerabilities in FortiSandbox (CVE-2026-39808 and CVE-2026-39813) that allow unauthenticated remote attackers to execute commands or bypass authentication via crafted HTTP requests. **If you run FortiSandbox, make sure it is isolated from the internet and accessible from trusted networks only, then update immediately to version 4.4.9+ or 5.0.6+ depending on your branch. Until you update, restrict API access to trusted IP addresses only. It's a Fortinet product, it will be actively attacked.** #cybersecurity #infosec #advisory #vulnerability https://beyondmachines.net/event_details/fortinet-reports-critical-unauthenticated-vulnerabilities-in-fortisandbox-platform-o-m-k-n-l/gD2P6Ple2L
Details
- CVE ID: CVE-2026-39813
- Severity: Critical
- CVSS Score: 9.8
- Type: path_traversal
- Status: new
- EPSS: 5.8%
- Social Posts: 1
CWE
- CWE-24
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H