vulnerability context

CVE-2026-39813

CVSS 9.8 CRITICALEPSS 97%CWE-24OTX 8 pulses

A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8 may allow attacker to escalation of privilege via specially crafted HTTP requests.

Published 2026-04-14 · last modified 2026-06-18

details

CISA KEV status: Not in catalog
CVSS v3: 9.8 / CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 97% percentile (score 0.1674)
CWE: CWE-24
OTX pulses: 8 total, 0 recent

View on NVD → · cve.org

source mentions 3

[CyberNetSecIO] 🚨 ACTIVE EXPLOITATION: Threat actors are chaining three FortiSandbox vulnerabilities (CVE-2026-39813, et al.) f...Bluesky · 3h ago
[DIESEC] FortiSandbox — 3 critical CVEs actively exploited since June 15. CVE-2026-39813 (CVSS 9.1): no credentials, port 443, ....Bluesky · 4d ago
Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last WeekThe Hacker News · 7d ago

source consensus

Bluesky2×
The Hacker News1×

Want the 3-bullet summary of CVE-2026-39813, plus webhook alerts when KEV is updated? Pro is $10/mo.

Open in reader See Pro →