Critical severity9.8NVD Advisory· Published Apr 14, 2026· Updated Apr 20, 2026
CVE-2026-39813
CVE-2026-39813
Description
A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8 may allow attacker to escalation of privilege via
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*range: >=4.4.0,<4.4.9
- (no CPE)range: 5.0.0 through 5.0.5, 4.4.0 through 4.4.8
Patches
Vulnerability mechanics
References
1- fortiguard.fortinet.com/psirt/FG-IR-26-112nvdVendor Advisory
News mentions
9- 22nd June – Threat Intelligence ReportCheck Point Research · Jun 22, 2026
- Week in review: 74k Fortinet firewall credentials stolen, Splunk Enterprise RCE under active attackHelp Net Security · Jun 21, 2026
- Attackers hit pair of critical Fortinet vulnerabilities the vendor disclosed in AprilCyberScoop · Jun 17, 2026
- 3 Recently Patched Fortinet FortiSandbox Vulnerabilities in Hacker CrosshairsSecurityWeek · Jun 17, 2026
- Three critical Fortinet sandbox bugs splattered by unknown attackersThe Register Security · Jun 16, 2026
- Critical Fortinet FortiSandbox Vulnerabilities Actively Exploited in AttacksCyber Security News · Jun 16, 2026
- Attackers are exploiting FortiSandbox vulnerabilitiesHelp Net Security · Jun 16, 2026
- Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last WeekThe Hacker News · Jun 16, 2026
- Critical Fortinet FortiSandbox flaws now exploited in attacksBleepingComputer · Jun 16, 2026