CVE-2026-39812

🔶 medium

Summary

A improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox PaaS 5.0.0 through 5.0.5, FortiSandbox PaaS 4.4.0 through 4.4.8, FortiSandbox PaaS 4.2 all versions may allow attacker to execute unauthorized code or commands via <insert attack vector here>

CVSS Score

4.8

Medium

EPSS Score

0.0

Exploit Probability

Published Date

2026-04-14

First Seen: 2026-04-15

📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 13.8% of all 321,566 vulnerabilities in our database.

#277,081

Below average severity

Severity Percentile

🎯 CISA SSVC Assessment Updated: Apr 14, 2026

🔍 Exploitation Status

None

No known exploits

⚙️ Automatable

Requires human interaction

💥 Technical Impact

Partial

Limited system impact

SSVC data provided by CISA

Last Modified 2026-04-21

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

CWE IDs (Weakness Types)

CWE-79

📦 Affected Products 7

Vendor	Product	Status	Affected Versions
fortinet	fortisandbox	Affected	> 4.2.0 < 4.2.8
fortinet	fortisandbox	Affected	> 4.4.0 < 4.4.9
fortinet	fortisandbox	Affected	> 5.0.0 < 5.0.6
fortinet	fortisandbox_cloud	Affected	> 22.2.4134 < 23.1.4260
fortinet	fortisandbox_cloud	Affected	> 23.3.4329 < 24.1.4436
fortinet	fortisandbox_cloud	Affected	v5.0.4
fortinet	fortisandbox_cloud	Affected	v5.0.5

🔗 References 1

https://fortiguard.fortinet.com/psirt/FG-IR-26-110

Vendor Advisory

🔗 Related CVEs 6

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2026-26083	⛔ critical	9.8	0.1	A missing authorization vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.8, Fo...	2026-05-12
CVE-2026-39808	⛔ critical	9.8	0.3	A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet F...	2026-04-14
CVE-2026-39813	⛔ critical	9.8	0.1	A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4....	2026-04-14
CVE-2025-53608	🔶 medium	4.8	0.0	An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerabi...	2026-03-10
CVE-2026-25836	⚠️ high	7.2	0.1	An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet ...	2026-03-10
CVE-2025-52436	⚠️ high	8.8	0.2	An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerabi...	2026-02-10

These CVEs affect the same products