← Back to Vulnerability Reports CVE Intelligence

CVE-2026-39813

Fortinet FortisandboxCRITICAL · CVSS 9.8 In the wild

What is CVE-2026-39813?

A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8 may allow attacker to escalation of privilege via <insert attack vector here>

CVSS9.8 NVD 3.1
SeverityCRITICAL
Exploitation In the wild
EPSS24% · P98
Triage statusActive Exploit
ActionPatch within 48 hours
CVSS vectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWECWE-24
NVD published2026-04-14
NVD last modified2026-04-20

Affected product

Fortinet Fortisandbox

Remediation Steps

  1. Apply the latest Fortinet security patch for FortiSandbox
  2. Restrict JRPC API access to internal networks only
  3. Monitor for suspicious path traversal attempts in API logs
  4. Review access controls for sandbox API endpoints

References

Coverage on defend.network

🤖 This CVE page is generated by defend.network from NVD, CISA KEV, EPSS, and our verified daily briefings. Severity and exploitation data come from official sources; always verify remediation steps against the official vendor advisory before acting in production.

Get Critical CVE Alerts

Subscribe free and hear about actively exploited CVEs like this one first.