CVE-2026-39812_CVE-2026-39812

4.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C

Description

A improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox PaaS 5.0.0 through 5.0.5, FortiSandbox PaaS 4.4.0 through 4.4.8, FortiSandbox PaaS 4.2 all versions may allow attacker to execute unauthorized code or commands via <insert attack vector here>

Basic Information

ID CVE-2026-39812

Source fortinet

Published Apr 14, 2026 at 15:38

Affected Product

Vendor Fortinet

Product FortiSandbox

Version 5.0.0

Affected Versions Fortinet FortiSandbox 5.0.0
Fortinet FortiSandbox 4.4.0
Fortinet FortiSandbox 4.2.1
Fortinet FortiSandbox PaaS 5.0.0
Fortinet FortiSandbox PaaS 4.4.0
Fortinet FortiSandbox PaaS 4.2.1

CWE Classification

CWE-79

References

fortiguard.fortinet.com /psirt/FG-IR-26-110

{
    "lastseen": "",
    "description": "A improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox PaaS 5.0.0 through 5.0.5, FortiSandbox PaaS 4.4.0 through 4.4.8, FortiSandbox PaaS 4.2 all versions may allow attacker to execute unauthorized code or commands via <insert attack vector here>",
    "published": "2026-04-14T15:38:18.366Z",
    "modified": "2026-04-14T15:38:18.366Z",
    "type": "cve",
    "title": "CVE-2026-39812",
    "source": "fortinet",
    "references": "https://fortiguard.fortinet.com/psirt/FG-IR-26-110",
    "id": "CVE-2026-39812",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "Fortinet FortiSandbox 5.0.0\nFortinet FortiSandbox 4.4.0\nFortinet FortiSandbox 4.2.1\nFortinet FortiSandbox PaaS 5.0.0\nFortinet FortiSandbox PaaS 4.4.0\nFortinet FortiSandbox PaaS 4.2.1",
    "sourceHref": "",
    "cvss": {
        "score": 4.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "FortiSandbox",
    "version": "5.0.0",
    "vendor": "Fortinet",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}