CVE-2026-39808 | THREATINT

Description

A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow attacker to execute unauthorized code or commands via <insert attack vector here>

PUBLISHED Reserved 2026-04-07 | Published 2026-04-14 | Updated 2026-04-22 | Assigner fortinet

CRITICAL: 9.1CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

Problem types

Execute unauthorized code or commands

Product status

Default status

unaffected

4.4.0 (semver)

affected

Default status

unaffected

23.4.4374

affected

23.4.4350

affected

23.3.4329

affected

23.1.4245

affected

22.2.4151

affected

22.2.4134

affected

22.1.4113

affected

21.4.4072

affected

21.3.4055

affected

References

github.com/samu-delucas/CVE-2026-39808 exploit

fortiguard.fortinet.com/psirt/FG-IR-26-100

cve.org (CVE-2026-39808)

nvd.nist.gov (CVE-2026-39808)

Download JSON