CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-39813

unknowncovered by 1 sourcefirst seen 2026-04-14
CVSSv3 Score: 9.1 A Path Traversal vulnerability [CWE-24] in FortiSandbox JRPC API may allow an unauthenticated attacker to bypass authentication via specially crafted HTTP requests. Revised on 2026-04-14 00:00:00

CSIRTS triage

What
An unauthenticated attacker can bypass authentication and escalate privileges via crafted HTTP requests.
Who is affected
Deployments of FortiSandbox.
Urgency
This critical vulnerability requires immediate remediation to prevent unauthorized access and privilege escalation.
Action
Update FortiSandbox to the latest version to mitigate this vulnerability.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch CVE-2026-39813

Get an email if CVE-2026-39813 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2026-39813

CVE.org record

Embed the live status

CVE-2026-39813 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-39813 status](https://www.csirts.com/badge/CVE-2026-39813)](https://www.csirts.com/cve/CVE-2026-39813)