Zero Day Monitor (ZDM)
9.1
CVE-2026-39813 · KEV · EXPLOITED · PATCHED
fortinet · fortisandbox

CVE-2026-39813: A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.

Description

The vulnerability allows an attacker to bypass authentication.

Affected Products

Vendor: fortinet
Product: fortisandbox
Versions: 5.0.0, 4.4.0, 24.1, 23.4, 5.0.4, FortiSandbox 4.4.0 - 4.4.8, FortiSandbox 5.0.0 - 5.0.5, FortiAnalyzer Cloud 7.6.2 - 7.6.4, FortiManager Cloud 7.6.2 - 7.6.4, FortiDDoS-F 7.2.1 - 7.2.2

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor: fortinet
Product: fortisandbox cloud
Source: mitre_affected
Confidence: 90%

References

  • https://fortiguard.fortinet.com/psirt/FG-IR-26-112

Related News (11 articles)

Tier D
SecurityWeek · 4h ago
3 Recently Patched Fortinet FortiSandbox Vulnerabilities in Hacker Crosshairs
→ No new info (linked only)

Tier D
The Hacker News · 1d ago
Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week
→ No new info (linked only)

Tier D
BleepingComputer · 1d ago
Critical Fortinet FortiSandbox flaws now exploited in attacks
→ No new info (linked only)

Tier D
The Hacker News · 57d ago
⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More
→ No new info (linked only)

Tier D
Help Net Security · 59d ago
Week in review: Acrobat Reader flaw exploited, Claude Mythos offensive capabilities and limits
→ No new info (linked only)

Tier D
Help Net Security · 61d ago
Fortinet fixes critical FortiSandbox vulnerabilities (CVE-2026-39813, CVE-2026-39808)
→ No new info (linked only)

Tier D
SecurityWeek · 63d ago
Fortinet Patches Critical FortiSandbox Vulnerabilities
→ No new info (linked only)

Tier D
Heise Security · 63d ago
Fortinet plugs 18 security holes
→ No new info (linked only)

Tier B
CCCS Canada · 63d ago
Fortinet security advisory (AV26-351)
→ No new info (linked only)

Tier C
VulDB · 63d ago
CVE-2026-39813 | Fortinet FortiSandbox/FortiSandbox Cloud up to 4.4.8/5.0.5 /filedir path traversal (FG-IR-26-112)
→ No new info (linked only)

Tier A
Fortinet PSIRT · 64d ago
Unauthenticated Authentication bypass and Privilege escalation in FortiSandbox
→ No new info (linked only)

CVSS 3.1: 9.1 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
CISA KEV: ✅ Yes
Actively exploited: ✅ Yes
Patch available: 5.0.6
CWE: CWE-24, CWE-77, CWE-287, CWE-269, CWE-122, CWE-89
Published: Apr 14, 2026
Last enriched: 4h ago (v5)
Tags: os command injection, authentication bypass, privilege escalation, heap-based buffer overflow, sql injection, fortinet, critical vulnerability, command injection
Trending Score: 146 🔥
Source articles: 11
Independent: 8
Info Completeness: 12/14
Missing: epss, iocs


Related CVEs (5)

CRITICAL · CVE-2026-39808 · EXP · KEV
CVE-2026-39808: An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet F
Trending: 151

CRITICAL · CVE-2026-25089 · EXP
CVE-2026-25089: An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet F
Trending: 93

CRITICAL · CVE-2026-35616 · EXP · KEV
CVE-2026-35616: An improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated atta
Trending: 73

CRITICAL · CVE-2026-26083
CVE-2026-26083: A missing authorization vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.8, Fo
Trending: 68

MEDIUM · CVE-2025-61624 · EXP
CVE-2025-61624: An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') [CWE-22] vulnerability in Fortinet For
Trending: 57


Verification

State: verified
Confidence: 0%

Vulnerability Timeline

Apr 14, 2026: CVE Published
Apr 14, 2026: Added to CISA KEV
Apr 14, 2026: Discovered by ZDM
Apr 14, 2026: Updated: affectedVersions, patchAvailable, activelyExploited
Apr 15, 2026: Actively Exploited
Apr 15, 2026: Exploit Available
Apr 15, 2026: Patch Available
Jun 16, 2026: Updated: tags
Jun 16, 2026: Updated: description, exploitAvailable
Jun 17, 2026: Updated: description

Version History

v5
Last enriched 4h ago
v5 · Tier D · 4h ago

Updated description to specify that CVE-2026-39813 allows an attacker to bypass authentication.

description
via SecurityWeek
v4 · Tier D · 1d ago

Updated description to specify the vulnerability is in the FortiSandbox JRPC API and marked exploit availability as true.

description, exploitAvailable
via The Hacker News
v3 · Tier D · 1d ago

Updated description with details on exploitation and added 'command injection' as a new tag.

tags
via BleepingComputer
v2 · Tier A · 63d ago

Updated affected versions to include 5.0.6 and 4.4.9, added patch available version 5.0.6, and marked the vulnerability as actively exploited.

affectedVersions, patchAvailable, activelyExploited
via Fortinet PSIRT
v1 · 63d ago

Initial creation