vulnerability context

CVE-2026-39808

CVSS 9.8 CRITICALEPSS 99%CWE-78OTX 8 pulses

A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow attacker to execute unauthorized code or commands via <insert attack vector here>

Published 2026-04-14 · last modified 2026-06-17

details

CISA KEV status: Not in catalog
CVSS v3: 9.8 / CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 99% percentile (score 0.4867)
CWE: CWE-78
OTX pulses: 8 total, 0 recent

View on NVD → · cve.org

source mentions 2

Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last WeekThe Hacker News · 7d ago
[CyberHub] 📌 CVE-2026-39808 - A improper neutralization of special elements used in an os command ('os command injection') vuln...Bluesky:@cyberhub.blog · 19d ago

source consensus

The Hacker News1×
Bluesky:@cyberhub.blog1×

Want the 3-bullet summary of CVE-2026-39808, plus webhook alerts when KEV is updated? Pro is $10/mo.

Open in reader See Pro →