CVE-2026-39808

Confirmed PUBLISHED

A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through...

Fortinet · FortiSandbox, FortiSandbox PaaS

34 days faster than CISA KEV

Exploited in the wild Active exploitation observed PoC available Virtual patch available

Recommended Action

Prioritize immediate patching and validate internet-facing exposure. Monitor for matching exploitation attempts in your environment.

Confidence
Confirmed
Exploitation Status
Active exploitation observed
Observed in Sensors
Yes
Attempts (30d)
272
Unique Attacker IPs
47
CISA KEV
In CISA KEV
Virtual Patch
Yes 3 targets
CVSS / EPSS
9.1 Critical EPSS 84.2%

At a Glance

A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow attacker to execute unauthorized code or commands via

edge nuclei_scanner cisa
CVE Published
Apr 14, 2026
Exploitation Reported
Jun 12, 2026
CVSS
9.1 Critical
EPSS
84.2%
Remote Low complexity No user interaction Unauthenticated

Affected Versions

Vendor Product Version Status
Fortinet
FortiSandbox

4.4.0 to <= 4.4.8

Affected
Fortinet
FortiSandbox PaaS

23.4.4374

Affected
Fortinet
FortiSandbox PaaS

23.4.4350

Affected
Fortinet
FortiSandbox PaaS

23.3.4329

Affected
Fortinet
FortiSandbox PaaS

23.1.4245

Affected
Fortinet
FortiSandbox PaaS

22.2.4151

Affected
Fortinet
FortiSandbox PaaS

22.2.4134

Affected
Fortinet
FortiSandbox PaaS

22.1.4113

Affected
Fortinet
FortiSandbox PaaS

21.4.4072

Affected
Fortinet
FortiSandbox PaaS

21.3.4055

Affected

CVE References

Recommended Actions

  • Prioritize immediate patching and validate internet-facing exposure. Monitor for matching exploitation attempts in your environment.
  • Review sensor telemetry for request paths, attacker IPs, and payload patterns that may inform detection and exposure validation.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.