CVE-2026-39813 — Path Traversal: '../filedir' in Fortinet Fortisandbox

CWE-24 — Path Traversal: '../filedir'4 documents4 sources

Severity

9.8CRITICALNVD

EPSS

0.1%

top 81.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortisandbox Fortinet Fortisandbox Cloud

Timeline

PublishedApr 14

Description

A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8 may allow attacker to escalation of privilege via

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5fortinet/fortisandbox5.0.0 — 5.0.5+1

▶CVEListV5fortinet/fortisandbox_cloud5.0.4 — 5.0.5+2

🔴Vulnerability Details

CVEList

CVE-2026-39813: A path traversal: '↗2026-04-14

▶

GHSA

GHSA-5f64-p6cf-vvqg: A path traversal: '↗2026-04-14

▶

📋Vendor Advisories

Fortinet

Unauthenticated Authentication bypass and Privilege escalation in FortiSandbox↗2026-04-14

▶