OS Command Injection Vulnerability in Fortinet FortiSandbox
CVE-2026-39808
Key Information:
- Vendor: Fortinet
- CVE Published: 14 April 2026
What is CVE-2026-39808?
CVE-2026-39808 is a notable vulnerability affecting Fortinet's FortiSandbox, a security appliance designed to provide advanced threat detection and prevention by analyzing potentially malicious files in a controlled environment. This specific vulnerability arises from improper neutralization of special elements, leading to an OS command injection flaw. Such a weakness enables attackers to execute unauthorized commands on the underlying operating system. The potential for code execution could allow malicious users to manipulate system processes, access sensitive data, or even maintain persistent control over affected systems. The severity of this vulnerability is particularly concerning for organizations relying on FortiSandbox for cybersecurity, as it may compromise the integrity of their defenses against sophisticated threats.
Potential Impact of CVE-2026-39808
- Unauthorized Command Execution: The successful exploitation of this vulnerability can allow attackers to execute arbitrary commands on the affected systems, potentially leading to unauthorized access and control.
- Data Compromise: With the ability to run unauthorized commands, attackers might gain access to sensitive data stored within FortiSandbox or connected networks, exposing organizations to data breaches.
- System Integrity Threat: The exploitation could lead to modifications or manipulations of system settings and configurations, undermining the overall security posture of the organization and causing disruptions in normal operational functions.

Affected Version(s)
FortiSandbox 4.4.0 <= 4.4.8
FortiSandbox PaaS 23.4.4374
FortiSandbox PaaS 23.4.4350
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
News Articles
PoC Exploit Released for FortiSandbox Vulnerability that Allows Attacker to Execute Commands - IT Security News
A proof-of-concept (PoC) exploit has been publicly released for a critical vulnerability in Fortinet’s FortiSandbox product, tracked as CVE-2026-39808. The flaw allows an unauthenticated attacker to execute arbitrary operating system commands as root, the highest privilege level, without requiring a...
PoC Released for FortiSandbox Flaw Enabling Arbitrary Command Execution - IT Security News
A proof-of-concept (PoC) exploit has been publicly released for a critical security flaw in Fortinet’s FortiSandbox. Tracked as CVE-2026-39808, this severe vulnerability allows an unauthenticated attacker to execute arbitrary commands on the underlying operating system with the highest level of…
EPSS Score
23% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 📈 Vulnerability started trending
- 📰 First article discovered by IT Security News
- 🟡 Public PoC available
- 👾 Exploit known to exist
- Vulnerability published
- Vulnerability Reserved