Sign-up

ID

VAR-202604-2629


CVE

CVE-2026-39813


TITLE

fortinet's FortiSandbox Past traversal vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2026-011924

DESCRIPTION

A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8 may allow attacker to escalation of privilege via <insert attack vector here>. Fortinet FortiSandbox version of 5.0.0 from 5.0.5 ,and 4.4.0 from 4.4.8 in '../filedir' A path traversal vulnerability exists. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-39813 // JVNDB: JVNDB-2026-011924

AFFECTED PRODUCTS

vendor:fortinetmodel:fortisandboxscope:gteversion:5.0.0

Trust: 1.0

vendor:fortinetmodel:fortisandboxscope:gteversion:4.4.0

Trust: 1.0

vendor:fortinetmodel:fortisandboxscope:ltversion:4.4.9

Trust: 1.0

vendor:fortinetmodel:fortisandboxscope:ltversion:5.0.6

Trust: 1.0

vendor:フォーティネットmodel:fortisandboxscope:eqversion:5.0.0 that's all 5.0.6

Trust: 0.8

vendor:フォーティネットmodel:fortisandboxscope:eqversion:4.4.0 that's all 4.4.9

Trust: 0.8

vendor:フォーティネットmodel:fortisandboxscope:eqversion: -

Trust: 0.8

vendor:フォーティネットmodel:fortisandboxscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-011924 // NVD: CVE-2026-39813

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@fortinet.com: CVE-2026-39813
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2026-011924
value: CRITICAL

Trust: 0.8

psirt@fortinet.com: CVE-2026-39813
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2026-011924
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-011924 // NVD: CVE-2026-39813

PROBLEMTYPE DATA

problemtype:CWE-24

Trust: 1.0

problemtype:path traversal (../filedir)(CWE-24) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-011924 // NVD: CVE-2026-39813

PATCH

title:PSIRT | FortiGuard Labsurl:https://fortiguard.fortinet.com/psirt/FG-IR-26-112

Trust: 0.8

sources: JVNDB: JVNDB-2026-011924

EXTERNAL IDS

db:NVDid:CVE-2026-39813

Trust: 2.6

db:JVNDBid:JVNDB-2026-011924

Trust: 0.8

sources: JVNDB: JVNDB-2026-011924 // NVD: CVE-2026-39813

REFERENCES

url:https://fortiguard.fortinet.com/psirt/fg-ir-26-112

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2026-39813

Trust: 0.8

sources: JVNDB: JVNDB-2026-011924 // NVD: CVE-2026-39813

SOURCES

db:JVNDBid:JVNDB-2026-011924
db:NVDid:CVE-2026-39813

LAST UPDATE DATE

2026-06-19T23:21:56.883000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2026-011924date:2026-04-21T01:45:00
db:NVDid:CVE-2026-39813date:2026-04-20T19:11:30.867

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2026-011924date:2026-04-21T00:00:00
db:NVDid:CVE-2026-39813date:2026-04-14T16:16:45.680