CVE Details

CVE-2026-39808 Fortinet FortiSandbox OS Command Injection Vulnerability
Published: 2026-07-16 CVSS: 9.1 CRITICAL Product: Fortinet FortiSandbox Due Date: 2026-07-19

Fortinet FortiSandbox contains an OS command injection vulnerability that could allow an unauthenticated attacker to execute unauthorized code or commands via crafted HTTP requests.

GitHub PoC

Warning: GitHub PoC repositories are unverified. Some may be fake or contain malware. Use caution and review code before running anything.

FIRST EPSS

EPSS estimates the probability of exploitation in the next 30 days. Higher values indicate higher likelihood of real-world exploitation.

Timeline

CVE Stalker KEV MITRE GitHub FIRST (EPSS)

MITRE

CVSS

  • Score: 9.1
  • Severity: CRITICAL
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

SSVC

  • Exploitation: poc
  • Automatable: yes
  • Technical Impact: total

References

Show Raw Data
Key Remaining Key Value
dataType CVE_RECORD
dataVersion 5.2
cveMetadata > cveId CVE-2026-39808
cveMetadata > assignerOrgId 6abe59d8-c742-4dff-8ce8-9b0ca1073da8
cveMetadata > state PUBLISHED
cveMetadata > assignerShortName fortinet
cveMetadata > dateReserved 2026-04-07T15:24:03.838Z
cveMetadata > datePublished 2026-04-14T15:38:02.089Z
cveMetadata > dateUpdated 2026-04-22T13:56:10.055Z
containers > cna > affected > 0 > vendor Fortinet
containers > cna > affected > 0 > product FortiSandbox
containers > cna > affected > 0 > cpes > 0 cpe:2.3:a:fortinet:fortisandbox:4.4.8:*:*:*:*:*:*:*
containers > cna > affected > 0 > cpes > 1 cpe:2.3:a:fortinet:fortisandbox:4.4.7:*:*:*:*:*:*:*
containers > cna > affected > 0 > cpes > 2 cpe:2.3:a:fortinet:fortisandbox:4.4.6:*:*:*:*:*:*:*
containers > cna > affected > 0 > cpes > 3 cpe:2.3:a:fortinet:fortisandbox:4.4.5:*:*:*:*:*:*:*
containers > cna > affected > 0 > cpes > 4 cpe:2.3:a:fortinet:fortisandbox:4.4.4:*:*:*:*:*:*:*
containers > cna > affected > 0 > cpes > 5 cpe:2.3:a:fortinet:fortisandbox:4.4.3:*:*:*:*:*:*:*
containers > cna > affected > 0 > cpes > 6 cpe:2.3:a:fortinet:fortisandbox:4.4.2:*:*:*:*:*:*:*
containers > cna > affected > 0 > cpes > 7 cpe:2.3:a:fortinet:fortisandbox:4.4.1:*:*:*:*:*:*:*
containers > cna > affected > 0 > cpes > 8 cpe:2.3:a:fortinet:fortisandbox:4.4.0:*:*:*:*:*:*:*
containers > cna > affected > 0 > defaultStatus unaffected
containers > cna > affected > 0 > versions > 0 > versionType semver
containers > cna > affected > 0 > versions > 0 > version 4.4.0
containers > cna > affected > 0 > versions > 0 > lessThanOrEqual 4.4.8
containers > cna > affected > 0 > versions > 0 > status affected
containers > cna > affected > 1 > vendor Fortinet
containers > cna > affected > 1 > product FortiSandbox PaaS
containers > cna > affected > 1 > cpes > 0 cpe:2.3:a:fortinet:fortisandboxpaas:23.4.4374:*:*:*:*:*:*:*
containers > cna > affected > 1 > cpes > 1 cpe:2.3:a:fortinet:fortisandboxpaas:23.4.4350:*:*:*:*:*:*:*
containers > cna > affected > 1 > cpes > 2 cpe:2.3:a:fortinet:fortisandboxpaas:23.3.4329:*:*:*:*:*:*:*
containers > cna > affected > 1 > cpes > 3 cpe:2.3:a:fortinet:fortisandboxpaas:23.1.4245:*:*:*:*:*:*:*
containers > cna > affected > 1 > cpes > 4 cpe:2.3:a:fortinet:fortisandboxpaas:22.2.4151:*:*:*:*:*:*:*
containers > cna > affected > 1 > cpes > 5 cpe:2.3:a:fortinet:fortisandboxpaas:22.2.4134:*:*:*:*:*:*:*
containers > cna > affected > 1 > cpes > 6 cpe:2.3:a:fortinet:fortisandboxpaas:22.1.4113:*:*:*:*:*:*:*
containers > cna > affected > 1 > cpes > 7 cpe:2.3:a:fortinet:fortisandboxpaas:21.4.4072:*:*:*:*:*:*:*
containers > cna > affected > 1 > cpes > 8 cpe:2.3:a:fortinet:fortisandboxpaas:21.3.4055:*:*:*:*:*:*:*
containers > cna > affected > 1 > defaultStatus unaffected
containers > cna > affected > 1 > versions > 0 > version 23.4.4374
containers > cna > affected > 1 > versions > 0 > status affected
containers > cna > affected > 1 > versions > 1 > version 23.4.4350
containers > cna > affected > 1 > versions > 1 > status affected
containers > cna > affected > 1 > versions > 2 > version 23.3.4329
containers > cna > affected > 1 > versions > 2 > status affected
containers > cna > affected > 1 > versions > 3 > version 23.1.4245
containers > cna > affected > 1 > versions > 3 > status affected
containers > cna > affected > 1 > versions > 4 > version 22.2.4151
containers > cna > affected > 1 > versions > 4 > status affected
containers > cna > affected > 1 > versions > 5 > version 22.2.4134
containers > cna > affected > 1 > versions > 5 > status affected
containers > cna > affected > 1 > versions > 6 > version 22.1.4113
containers > cna > affected > 1 > versions > 6 > status affected
containers > cna > affected > 1 > versions > 7 > version 21.4.4072
containers > cna > affected > 1 > versions > 7 > status affected
containers > cna > affected > 1 > versions > 8 > version 21.3.4055
containers > cna > affected > 1 > versions > 8 > status affected
containers > cna > descriptions > 0 > lang en
containers > cna > descriptions > 0 > value A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow attacker to execute unauthorized code or commands via <insert attack vector here>
containers > cna > providerMetadata > orgId 6abe59d8-c742-4dff-8ce8-9b0ca1073da8
containers > cna > providerMetadata > shortName fortinet
containers > cna > providerMetadata > dateUpdated 2026-04-14T15:38:02.089Z
containers > cna > problemTypes > 0 > descriptions > 0 > lang en
containers > cna > problemTypes > 0 > descriptions > 0 > cweId CWE-78
containers > cna > problemTypes > 0 > descriptions > 0 > description Execute unauthorized code or commands
containers > cna > problemTypes > 0 > descriptions > 0 > type CWE
containers > cna > metrics > 0 > format CVSS
containers > cna > metrics > 0 > cvssV3_1 > version 3.1
containers > cna > metrics > 0 > cvssV3_1 > attackComplexity LOW
containers > cna > metrics > 0 > cvssV3_1 > attackVector NETWORK
containers > cna > metrics > 0 > cvssV3_1 > availabilityImpact HIGH
containers > cna > metrics > 0 > cvssV3_1 > baseScore 9.1
containers > cna > metrics > 0 > cvssV3_1 > baseSeverity CRITICAL
containers > cna > metrics > 0 > cvssV3_1 > confidentialityImpact HIGH
containers > cna > metrics > 0 > cvssV3_1 > integrityImpact HIGH
containers > cna > metrics > 0 > cvssV3_1 > privilegesRequired NONE
containers > cna > metrics > 0 > cvssV3_1 > scope UNCHANGED
containers > cna > metrics > 0 > cvssV3_1 > userInteraction NONE
containers > cna > metrics > 0 > cvssV3_1 > vectorString CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
containers > cna > solutions > 0 > lang en
containers > cna > solutions > 0 > value Upgrade to FortiSandbox version 4.4.9 or above Upgrade to FortiSandbox PaaS version 5.0.2 or above
containers > cna > references > 0 > name https://fortiguard.fortinet.com/psirt/FG-IR-26-100
containers > cna > references > 0 > url https://fortiguard.fortinet.com/psirt/FG-IR-26-100
containers > adp > 0 > references > 0 > url https://github.com/samu-delucas/CVE-2026-39808
containers > adp > 0 > references > 0 > tags > 0 exploit
containers > adp > 0 > metrics > 0 > other > type ssvc
containers > adp > 0 > metrics > 0 > other > content > timestamp 2026-04-22T03:55:32.291352Z
containers > adp > 0 > metrics > 0 > other > content > id CVE-2026-39808
containers > adp > 0 > metrics > 0 > other > content > options > 0 > Exploitation poc
containers > adp > 0 > metrics > 0 > other > content > options > 1 > Automatable yes
containers > adp > 0 > metrics > 0 > other > content > options > 2 > Technical Impact total
containers > adp > 0 > metrics > 0 > other > content > role CISA Coordinator
containers > adp > 0 > metrics > 0 > other > content > version 2.0.3
containers > adp > 0 > title CISA ADP Vulnrichment
containers > adp > 0 > providerMetadata > orgId 134c704f-9b21-4f2e-91b3-4a467353bcc0
containers > adp > 0 > providerMetadata > shortName CISA-ADP
containers > adp > 0 > providerMetadata > dateUpdated 2026-04-22T13:56:10.055Z