Path Traversal Vulnerability in Fortinet FortiSandbox Products
CVE-2026-39813

9.1CRITICAL

Key Information:

Vendor: Fortinet
Status: Fortisandbox; Fortisandbox Cloud
Vendor: CVE Published:; 14 April 2026

What is CVE-2026-39813?

A path traversal vulnerability exists in Fortinet's FortiSandbox, affecting versions 5.0.0 through 5.0.5 and 4.4.0 through 4.4.8. This vulnerability may enable attackers to exploit the system by manipulating file directories, potentially leading to privilege escalation. Proper input validation is crucial to mitigating this risk and ensuring secure operation of affected products.

Affected Version(s)

FortiSandbox 5.0.0 <= 5.0.5

FortiSandbox 4.4.0 <= 4.4.8

FortiSandbox Cloud 24.1

References

https://fortiguard.fortinet.com/psirt/FG-IR-26-112

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 14, 2026
Vulnerability Reserved
Apr 7, 2026

CVE-2026-39813 Data

JSON