🚨 Fortinet just disclosed CVE-2026-39808 and CVE-2026-39813 - 2 critical vulnerabilities affecting FortiSandbox. No active exploitation itw reported as of yet.
Scan your infrastructure to find vulnerable instances:
CVE-2026-39808: https://github.com/rxerium/rxerium-templates/blob/main/2026/CVE-2026-39808.yaml
CVE-2026-39813: https://github.com/rxerium/rxerium-templates/blob/main/2026/CVE-2026-39813.yaml
CVE-2026-39808 (CVSS 9.1):
An Improper Neutralization of Special Elements used in an OS Command ('OS command injection') vulnerability [CWE-78] in FortiSandbox may allow an unauthenticated attacker to execute unauthorized code or commands via crafted HTTP requests.
CVE-2026-39813 (CVSS 9.1):
A Path Traversal vulnerability [CWE-24] in FortiSandbox JRPC API may allow an unauthenticated attacker to bypass authentication via specially crafted HTTP requests.
Patches are available as per vendor advisories:
https://fortiguard.fortinet.com/psirt/FG-IR-26-112
https://fortiguard.fortinet.com/psirt/FG-IR-26-100
Loading comments...