Unauthenticated Authentication bypass and Privilege escalation in FortiSandbox
CVSSv3 Score: 9.1 A Path Traversal vulnerability [CWE-24] in FortiSandbox JRPC API may allow an unauthenticated attacker to bypass authentication via specially crafted HTTP requests. Revised on 2026-04-14 00:00:00
CSIRTS triage
- What
- An unauthenticated attacker can bypass authentication and escalate privileges via crafted HTTP requests.
- Who is affected
- Deployments of FortiSandbox.
- Urgency
- This critical vulnerability requires immediate remediation to prevent unauthorized access and privilege escalation.
- Action
- Update FortiSandbox to the latest version to mitigate this vulnerability.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch FortiSandbox
Get an email when a new FortiSandbox advisory drops — max one per day, one-click unsubscribe.
Details
Original advisory: https://fortiguard.fortinet.com/psirt/FG-IR-26-112
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Elevated exploitation riskCVE-2026-3981316.7% 30-day exploitation probability — well above the norm. Schedule remediation this cycle. Riskier than 97% of all scored CVEs.
Referenced CVEs
| CVE | CSIRTS overview | External |
|---|---|---|
| CVE-2026-39813 | coverage & exploitation status | NVD · CVE.org |
Recent advisories for Unauthenticated Authentication bypass
A cluster of recent advisories against the same product widens the attack surface — attackers routinely chain freshly published CVEs on one product, so review these together.
- criticalCVE-2026-58122: Hermes WebUI before 0.51.307 contains an authentication bypass vulnerability that allows unaut…nvd · 2026-07-09
- mediumCVE-2026-12352: This vulnerability allows an unauthenticated actor to bypass authentication and gain access to…nvd · 2026-07-07
- criticalCVE-2026-5268: An authentication bypass vulnerability exists in the default SFTP server component utilized acr…nvd · 2026-07-06
- mediumCVE-2026-35159: Dell Client Platform BIOS contains an Authentication Bypass by Primary Weakness vulnerability.…nvd · 2026-07-03
- highCVE-2026-59092: JuiceFS through 1.3.1, fixed in commit a46979c, contains an authentication bypass vulnerabilit…nvd · 2026-07-02
- unknownCVE-2026-58399: @acastellon/auth is an authentication control system for microservices. Versions prior to 2.3.…nvd · 2026-07-01
More from Fortinet FortiGuard PSIRT
- unknownRestricted CLI escape using Lua2026-06-09
- unknownImproper access control in API endpoints2026-06-09
- unknownSecond-Order OS Command Injection via JSON Input on start vnc feature2026-06-09
- unknownLinux Kernel vulnerability Dirty Frag2026-06-03
- unknownLinux Kernel Vulnerability copy.fail - CVE-2026-314312026-05-13