CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-39808

unknowncovered by 1 sourcefirst seen 2026-04-14
CVSSv3 Score: 9.1 An Improper Neutralization of Special Elements used in an OS Command ('OS command injection') vulnerability [CWE-78] in FortiSandbox may allow an unauthenticated attacker to execute unauthorized code or commands via crafted HTTP requests. Revised on 2026-04-14 00:00:00

CSIRTS triage

What
An unauthenticated attacker may execute unauthorized commands via crafted HTTP requests.
Who is affected
Users of FortiSandbox.
Urgency
Remediation is critical due to the high severity of potential exploitation.
Action
Apply security patches as soon as they are available.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch CVE-2026-39808

Get an email if CVE-2026-39808 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2026-39808

CVE.org record

Embed the live status

CVE-2026-39808 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-39808 status](https://www.csirts.com/badge/CVE-2026-39808)](https://www.csirts.com/cve/CVE-2026-39808)