AI description
Automated description summarized from trusted sources.
CVE-2026-39808 is an operating system (OS) command injection vulnerability affecting Fortinet FortiSandbox versions 4.4.0 through 4.4.8. This flaw stems from the improper neutralization of special elements used in OS commands, which allows attackers to inject malicious commands into system operations. Successful exploitation of CVE-2026-39808 enables remote attackers to execute unauthorized code or commands on the target system. This can be achieved without requiring any authentication or user interaction, typically through specially crafted HTTP requests to an API endpoint.
- Description: An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow an attacker to execute unauthorized code or commands via <insert attack vector here>
- Source: psirt@fortinet.com
- NVD status: Modified
- Products: fortisandbox
CVSS 3.1
- Type: Secondary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
- psirt@fortinet.com
- CWE-78
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 6
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "94FFE14D-51FF-4D31-A0FD-5B0877081A04",
            "versionEndIncluding": "4.4.9",
            "versionStartIncluding": "4.4.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]