← back
CVE-2026-39813

CVE-2026-39813

CVSS 9.1 CRITICALEPSS 16.7%CWE-24
A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8 may allow attacker to escalation of privilege via specially crafted HTTP requests.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Affected products
Fortinet · FortiSandboxFortinet · FortiSandbox Cloud
public PoCs found1
githubgithub.com/HORKimhab/CVE-2026-398130
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://fortiguard.fortinet.com/psirt/FG-IR-26-112