cbcvebase.
CVE-2026-39808
published 2026-04-14

CVE-2026-39808: A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may…

critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow attacker to execute unauthorized code or commands via

Affected

12 ranges
VendorProductVersion rangeFixed in
fortinetfortinet
fortinetfortisandbox
fortinetfortisandbox4.4.0 – 4.4.9
fortinetfortisandbox_paas
fortinetfortisandbox_paas
fortinetfortisandbox_paas
fortinetfortisandbox_paas
fortinetfortisandbox_paas
fortinetfortisandbox_paas
fortinetfortisandbox_paas
fortinetfortisandbox_paas
fortinetfortisandbox_paas