CVE-2026-39815
published 2026-04-14


Priority: P2 (score 62) · Severity: high · CVSS 3.1 base score: 8.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.36% (27.8th percentile)
An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Fortinet FortiDDoS-F 7.2.1 through 7.2.2 may allow an attacker to execute unauthorized code or commands by sending crafted HTTP requests.

Affected (4 ranges)

Vendor     Product       Version range        Fixed in
fortinet   fortiddos     -                    -
fortinet   fortiddos-f   >= 7.2.1, < 7.2.3    7.2.3
fortinet   fortiddos-f   7.2.1 – 7.2.2        -
fortinet   fortinet      -                    -

Detection & IOCs (extracted from sources)

  • Detect SQL injection attempts targeting FortiDDoS-F API endpoints via crafted HTTP requests.
  • Monitor for anomalous or malformed HTTP requests to the FortiDDoS-F API (versions 7.2.1–7.2.2) whose request parameters contain SQL metacharacters or injection payloads; decode percent-encoding (and double encoding) before matching, since payloads rarely arrive in clear text.
  • The vulnerability affects FortiDDoS-F 7.2.1 through 7.2.2 only and is fixed in 7.2.3; limit detection scope to those versions and treat the upgrade as the remediation.
  • The attack vector is HTTP-based API requests: do not expose the management interface to untrusted networks, and log HTTP traffic to it for forensic review. The CVSS vector records PR:L, so exploitation requires at least a low-privileged account; when triaging a hit, review the authenticated session that issued the request, not only the source address.
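The detection logic described above, run over sample request log lines, as an added example that is not part of the advisory and not Fortinet's code. It assumes an Apache/NGINX combined-style access-log format, a hypothetical /api/v1/policy endpoint and constructed log lines, since the real FortiDDoS-F log layout and vulnerable endpoint are not documented on this page; it decodes each query parameter (including double encoding), scores weighted SQL-injection indicators, and gates alerts on the affected version range from the table above.

```python
"""Flag SQL-injection indicators in HTTP request logs for a FortiDDoS-F
management API, scoped to the affected 7.2.1-7.2.2 range.

Assumption: log lines are in Apache/NGINX combined-style format. The real
FortiDDoS-F log layout is not documented on the advisory page, so LOG_RE
and the sample lines below are constructed for illustration only.
"""
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Affected range from the advisory: >= 7.2.1 and < 7.2.3 (fixed in 7.2.3).
AFFECTED_MIN = (7, 2, 1)
FIXED_IN = (7, 2, 3)

# Constructed combined-log-style format: client ident user [ts] "METHOD target HTTP/x" status size
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) (?P<size>\d+|-)$'
)

# Weighted indicators evaluated against each fully decoded parameter value.
# A lone quote (weight 1) never alerts by itself; real data such as O'Brien
# would otherwise drown the detection in false positives.
INDICATORS = [
    ("tautology",     3, re.compile(r"""['"]\s*(?:or|and)\s+\S+\s*=\s*\S+""", re.I)),
    ("union_select",  3, re.compile(r"\bunion\b.*?\bselect\b", re.I | re.S)),
    ("stacked_query", 3, re.compile(r";\s*(?:select|insert|update|delete|drop|exec|declare)\b", re.I)),
    ("time_based",    3, re.compile(r"\b(?:sleep|benchmark|pg_sleep|waitfor\s+delay)\b", re.I)),
    ("comment",       2, re.compile(r"--|/\*|\*/")),
    ("quote",         1, re.compile(r"""['"]""")),
]
ALERT_THRESHOLD = 3


def parse_version(text):
    """'7.2.2' -> (7, 2, 2); non-numeric components raise ValueError."""
    return tuple(int(p) for p in text.strip().split("."))


def in_affected_range(version):
    """True when the appliance version falls inside the advisory's affected range."""
    return AFFECTED_MIN <= parse_version(version) < FIXED_IN


def score_value(value):
    """Return (score, [indicator names]) for one decoded parameter value."""
    hits = [(name, w) for name, w, rx in INDICATORS if rx.search(value)]
    return sum(w for _, w in hits), [name for name, _ in hits]


def scan_line(line):
    """Parse one log line; return an alert dict for the first suspicious
    parameter, or None for benign or unparseable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    params = parse_qs(parts.query, keep_blank_values=True)
    for name, values in params.items():
        for raw in values:
            # parse_qs already decoded once; decode again to catch double-encoded payloads
            value = unquote_plus(raw)
            score, names = score_value(value)
            if score >= ALERT_THRESHOLD:
                return {
                    "client": m.group("client"), "user": m.group("user"),
                    "ts": m.group("ts"), "method": m.group("method"),
                    "path": parts.path, "param": name, "value": value,
                    "score": score, "indicators": names,
                }
    return None


def scan_log(lines, appliance_version=None):
    """Scan lines; if a version is given, alert only when it is in the affected range."""
    if appliance_version is not None and not in_affected_range(appliance_version):
        return []
    return [a for a in (scan_line(l) for l in lines) if a is not None]


# Constructed sample traffic (not real FortiDDoS-F logs); the /api/v1/policy path is hypothetical.
SAMPLE_LOG = [
    '10.0.0.5 - admin [14/Apr/2026:10:00:01 +0000] "GET /api/v1/policy?id=42 HTTP/1.1" 200 1024',
    '10.0.0.9 - admin [14/Apr/2026:10:00:02 +0000] "GET /api/v1/policy?id=42%27%20OR%201%3D1-- HTTP/1.1" 200 8192',
    '10.0.0.9 - admin [14/Apr/2026:10:00:03 +0000] "GET /api/v1/policy?id=1%20UNION%20SELECT%20user%2Cpassword%20FROM%20admins HTTP/1.1" 500 77',
    '10.0.0.9 - admin [14/Apr/2026:10:00:04 +0000] "GET /api/v1/policy?id=1%3B%20SELECT%20pg_sleep(5) HTTP/1.1" 200 77',
    '10.0.0.5 - admin [14/Apr/2026:10:00:05 +0000] "GET /api/v1/search?q=O%27Brien HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG, appliance_version="7.2.2"):
        print(f"{alert['ts']} {alert['client']} {alert['user']} {alert['method']} "
              f"{alert['path']} {alert['param']}={alert['value']!r} "
              f"score={alert['score']} {','.join(alert['indicators'])}")
```

The weighting is deliberate: a single quote alone stays below the threshold so legitimate values like O'Brien pass, while a quote combined with a comment terminator, a UNION SELECT, a stacked statement or a sleep primitive alerts. POST bodies (form or JSON) need the same decode-and-score pass over their fields; that requires a log source that captures request bodies, which the combined format assumed here does not.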