Zero Day Monitor (ZDM)
CVE-2026-39813 · CVSS 9.1 · EXPLOITED · PATCHED
Fortinet · FortiSandbox

CVE-2026-39813: A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.

Description

A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8 may allow an attacker to escalate privileges via <insert attack vector here>

Affected Products

Vendor | Product | Versions
Fortinet | FortiSandbox | 5.0.0, 4.4.0, 24.1, 23.4, 5.0.4

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor | Product | Source | Confidence
fortinet | fortisandbox cloud | mitre_affected | 90%

References

  • https://fortiguard.fortinet.com/psirt/FG-IR-26-112

Related News (2 articles)

Tier C · VulDB · 6h ago
CVE-2026-39813 | Fortinet FortiSandbox/FortiSandbox Cloud up to 4.4.8/5.0.5 /filedir path traversal (FG-IR-26-112)
→ No new info (linked only)

Tier A · Fortinet PSIRT · 16h ago
Unauthenticated Authentication bypass and Privilege escalation in FortiSandbox
→ No new info (linked only)

CVSS 3.1: 9.1 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
CISA KEV: ❌ No
Actively exploited: ✅ Yes
Patch available: 5.0.6
CWE: CWE-24
Published: Apr 14, 2026
Last enriched: 7h ago (v2)
Trending Score: 74
Source articles: 2
Independent: 2
Info Completeness: 9/14
Missing: epss, kev, exploit, iocs, mitre_attack

Related CVEs (5)

CRITICAL · CVE-2026-21643 · EXP · KEV
CVE-2026-21643: An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiC
Trending: 152

CRITICAL · CVE-2026-35616 · EXP · KEV
CVE-2026-35616: An improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated atta
Trending: 131

CRITICAL · CVE-2026-39808 · EXP
CVE-2026-39808: An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet F
Trending: 74

HIGH · CVE-2026-40688 · EXP
An out-of-bounds write vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow attacker to execute unauthorized code or commands vi
Trending: 62

HIGH · CVE-2026-22828 · EXP
CVE-2026-22828: A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer Cloud 7.6.2 through 7.6.4, FortiManager Cloud 7.6.2
Trending: 61

Verification

State: verified
Confidence: 0%

Vulnerability Timeline

  • CVE Published · Apr 14, 2026
  • Discovered by ZDM · Apr 14, 2026
  • Updated: affectedVersions, patchAvailable, activelyExploited · Apr 14, 2026
  • Actively Exploited · Apr 14, 2026
  • Patch Available · Apr 14, 2026

Version History

v2 · Tier A · 7h ago

Updated affected versions to include 5.0.6 and 4.4.9, added patch available version 5.0.6, and marked the vulnerability as actively exploited.

affectedVersions, patchAvailable, activelyExploited
via Fortinet PSIRT
v1 · 7h ago

Initial creation