CVE-2026-39808NVD

Vulnerability Summary

A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow attacker to execute unauthorized code or commands via <insert attack vector here>

Severity Level

CRITICAL(9.8)

Published Date

Apr 14, 2026

Last Modified

Apr 22, 2026

Exploitation Status

????

EPSS Score (30-Day)

25.45%Probability

Root Weakness (CWE)

CWE-78: OS Command Injection ↗

The software constructs all or part of an OS command using externally-influenced input, but does not properly neutralize special elements.

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

ScopeUnchanged

ConfidentialityHigh

IntegrityHigh

AvailabilityHigh

External References

https://fortiguard.fortinet.com/psirt/FG-IR-26-100
https://github.com/samu-delucas/CVE-2026-39808

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2026-39808NVD

Vulnerability Summary

External References