
Fortinet CVE-2026-39813

EUVD-2026-22344 · CRITICAL
Path Traversal: '../filedir' (CWE-24)
2026-04-14 · fortinet
CVSS 3.1: 9.8 (NVD)

Severity by source

  • NVD (primary): 9.8 CRITICAL, AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • ENISA EUVD: HIGH (qualitative)

Primary rating from NVD.

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High

Lifecycle Timeline

  • Apr 17, 2026 - 15:33 (vuln.today): Analysis Updated, v2 (cvss_changed)
  • Apr 17, 2026 - 15:22 (vuln.today): Re-analysis Queued, cvss_changed
  • Apr 14, 2026 - 17:03 (vuln.today): Analysis Generated
  • Apr 14, 2026 - 16:22 (NVD): CVSS changed, 9.1 (CRITICAL) to 9.8 (CRITICAL)
  • Apr 14, 2026 - 16:00 (euvd): EUVD ID Assigned, EUVD-2026-22344
  • Apr 14, 2026 - 16:00 (vuln.today): Analysis Generated
  • Apr 14, 2026 - 15:38 (nvd): CVE Published, CRITICAL 9.8

Description (CVE.org)

A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8 may allow attacker to escalation of privilege via <insert attack vector here>

Analysis (AI)

Path traversal in Fortinet FortiSandbox 4.4.0-4.4.8 and 5.0.0-5.0.5 enables remote unauthenticated attackers to achieve full system compromise. With CVSS 9.8 (AV:N/AC:L/PR:N/UI:N), the vulnerability permits network-based exploitation without credentials or user interaction, leading to complete confidentiality, integrity, and availability impact. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

  • Recon: Identify internet-facing FortiSandbox
  • Delivery: Send HTTP request with '../' path traversal
  • Exploit: Access sensitive files or configuration
  • Install: Extract credentials or modify malware verdicts
  • C2: Execute arbitrary code with elevated privileges
  • Execute: Establish persistence via modified system files
  • Impact: Exfiltrate threat intelligence data

Vulnerability Assessment (AI)

  • Exploitation: No special conditions - remote unauthenticated exploitation against default configurations of FortiSandbox web management interface or API endpoints. …
  • Risk Assessment: CVSS 9.8 reflects maximum exploitability (network vector, low complexity, no authentication, no user interaction) with complete system impact across confidentiality, integrity, and availability. …
  • Exploit Scenario: Remote attacker crafts HTTP requests to FortiSandbox's web interface or API containing directory traversal sequences ('../') in file path parameters. Without authentication, the attacker navigates outside intended directories to access sensitive system files, configuration databases containing credentials, or overwrite critical executables. …
  • Remediation: Upgrade FortiSandbox on-premise appliances to versions beyond 5.0.5 or 4.4.8 as specified in Fortinet advisory FG-IR-26-112 (https://fortiguard.fortinet.com/psirt/FG-IR-26-112). …

Recommended Action (AI)

Within 24 hours: Identify all FortiSandbox deployments running affected versions (4.4.0-4.4.8, 5.0.0-5.0.5) and isolate them from untrusted networks or disable remote access where operationally feasible. …
