CVE-2026-39813

CRITICAL

Fortinet FortiSandbox < 5.0.5 - Path Traversal

Title source: rule

Description

A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8 may allow attacker to escalation of privilege via <insert attack vector here>

Exploits (1)

nomisec WRITEUP

by 0xBlackash · poc

https://github.com/0xBlackash/CVE-2026-39813

View Code ZIP pw:eip

References (1)

https://fortiguard.fortinet.com/psirt/FG-IR-26-112

Scores

CVSS v3 9.8

EPSS 0.0011

EPSS Percentile 29.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-24

Status published

Products (6)

Fortinet/FortiSandbox 4.4.0 - 4.4.8

fortinet/fortisandbox 4.4.0 - 4.4.9

Fortinet/FortiSandbox 5.0.0 - 5.0.5

Fortinet/FortiSandbox Cloud 23.4

Fortinet/FortiSandbox Cloud 24.1

Fortinet/FortiSandbox Cloud 5.0.4 - 5.0.5

Published Apr 14, 2026

Tracked Since Apr 14, 2026