CVE 9.1 CRITICAL

CVE-2026-39808_CVE-2026-39808

April 14, 2026 invoker category_cve

9.1 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

Description

A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow attacker to execute unauthorized code or commands via <insert attack vector here>

AI Analysis

OS command injection vulnerability allowing execution of unauthorized code or commands

Basic Information

ID CVE-2026-39808

Source fortinet

Published Apr 14, 2026 at 15:38

Affected Product

Vendor Fortinet

Product FortiSandbox

Version 4.4.0

Affected Versions Fortinet FortiSandbox 4.4.0
Fortinet FortiSandbox PaaS 23.4.4374
Fortinet FortiSandbox PaaS 23.4.4350
Fortinet FortiSandbox PaaS 23.3.4329
Fortinet FortiSandbox PaaS 23.1.4245
Fortinet FortiSandbox PaaS 22.2.4151
Fortinet FortiSandbox PaaS 22.2.4134
Fortinet FortiSandbox PaaS 22.1.4113
Fortinet FortiSandbox PaaS 21.4.4072
Fortinet FortiSandbox PaaS 21.3.4055

CWE Classification

CWE-78

AI Assessment

AI Score 9.1 / 10

AI Severity Critical

Vendor Fortinet

Product FortiSandbox

Version 4.4.0, 4.4.8, 23.4.4374, 23.4.4350, 23.3.4329, 23.1.4245, 22.2.4151, 22.2.4134, 22.1.4113, 21.4.4072, 21.3.4055

References

fortiguard.fortinet.com /psirt/FG-IR-26-100

{
    "lastseen": "",
    "description": "A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow attacker to execute unauthorized code or commands via <insert attack vector here>",
    "published": "2026-04-14T15:38:02.089Z",
    "modified": "2026-04-14T15:38:02.089Z",
    "type": "cve",
    "title": "CVE-2026-39808",
    "source": "fortinet",
    "references": "https://fortiguard.fortinet.com/psirt/FG-IR-26-100",
    "id": "CVE-2026-39808",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "Fortinet FortiSandbox 4.4.0\nFortinet FortiSandbox PaaS 23.4.4374\nFortinet FortiSandbox PaaS 23.4.4350\nFortinet FortiSandbox PaaS 23.3.4329\nFortinet FortiSandbox PaaS 23.1.4245\nFortinet FortiSandbox PaaS 22.2.4151\nFortinet FortiSandbox PaaS 22.2.4134\nFortinet FortiSandbox PaaS 22.1.4113\nFortinet FortiSandbox PaaS 21.4.4072\nFortinet FortiSandbox PaaS 21.3.4055",
    "sourceHref": "",
    "cvss": {
        "score": 9.1,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "FortiSandbox",
    "version": "4.4.0",
    "vendor": "Fortinet",
    "ai_description": "OS command injection vulnerability allowing execution of unauthorized code or commands",
    "ai_severity": "Critical",
    "ai_vendor": "Fortinet",
    "ai_product": "FortiSandbox",
    "ai_version": "4.4.0, 4.4.8, 23.4.4374, 23.4.4350, 23.3.4329, 23.1.4245, 22.2.4151, 22.2.4134, 22.1.4113, 21.4.4072, 21.3.4055",
    "ai_score": 9.1
}

💭 Join the Security Discussion ❌ Cancel Reply