AI description
Automated description summarized from trusted sources.
CVE-2026-39813 is a path traversal vulnerability identified in Fortinet FortiSandbox. This flaw, specifically a '../filedir' path traversal, exists within the FortiSandbox JRPC API due to insufficient input validation. Exploitation of this vulnerability allows an unauthenticated attacker to bypass authentication and potentially escalate privileges on the system by sending specially crafted HTTP requests. The affected versions include FortiSandbox 4.4.0 through 4.4.8 and FortiSandbox 5.0.0 through 5.0.5.
- Description: A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8 may allow an attacker to escalate privileges via <insert attack vector here>
- Source: psirt@fortinet.com
- NVD status: Analyzed
- Products: fortisandbox
CVSS 3.1
- Type: Secondary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
- psirt@fortinet.com: CWE-24
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 5
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "0025C9C0-8D61-4563-96F9-F4E09DD83B26",
            "versionEndExcluding": "4.4.9",
            "versionStartIncluding": "4.4.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "3AAEF316-2134-4398-911C-E7532CD3AFF2",
            "versionEndExcluding": "5.0.6",
            "versionStartIncluding": "5.0.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]