← Back to Vulnerability Reports CVE Intelligence

CVE-2026-39808

Fortinet FortisandboxCRITICAL · CVSS 9.8 In the wild

What is CVE-2026-39808?

A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow attacker to execute unauthorized code or commands via <insert attack vector here>

CVSS9.8 NVD 3.1
SeverityCRITICAL
Exploitation In the wild
EPSS66% · P99
Triage statusActive Exploit
ActionPatch within 48 hours
CVSS vectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWECWE-78
NVD published2026-04-14
NVD last modified2026-04-22

Affected product

Fortinet Fortisandbox

Remediation Steps

  1. Apply the Fortinet security update for the reported FortiSandbox vulnerability
  2. Review Fortinet security advisories for vulnerability details and mitigations
  3. Validate patch deployment across all FortiSandbox instances

References

Coverage on defend.network

🤖 This CVE page is generated by defend.network from NVD, CISA KEV, EPSS, and our verified daily briefings. Severity and exploitation data come from official sources; always verify remediation steps against the official vendor advisory before acting in production.

Get Critical CVE Alerts

Subscribe free and hear about actively exploited CVEs like this one first.