{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-39813", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "state": "PUBLISHED", "assignerShortName": "fortinet", "dateReserved": "2026-04-07T15:24:13.846Z", "datePublished": "2026-04-14T15:38:30.311Z", "dateUpdated": "2026-04-15T03:58:20.016Z"}, "containers": {"cna": {"affected": [{"vendor": "Fortinet", "product": "FortiSandbox", "cpes": ["cpe:2.3:a:fortinet:fortisandbox:5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:5.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "5.0.0", "lessThanOrEqual": "5.0.5", "status": "affected"}, {"versionType": "semver", "version": "4.4.0", "lessThanOrEqual": "4.4.8", "status": "affected"}]}, {"vendor": "Fortinet", "product": "FortiSandbox Cloud", "cpes": ["cpe:2.3:a:fortinet:fortisandboxcloud:24.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandboxcloud:23.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandboxcloud:5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandboxcloud:5.0.4:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "24.1", "status": "affected"}, {"version": "23.4", "status": "affected"}, {"versionType": "semver", "version": "5.0.4", "lessThanOrEqual": "5.0.5", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8 may allow attacker to escalation of privilege via <insert attack vector here>"}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2026-04-14T15:38:30.311Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-24", "description": "Escalation of privilege", "type": "CWE"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C"}}], "solutions": [{"lang": "en", "value": "Upgrade to upcoming FortiSandbox version 5.2.0 or above\nUpgrade to FortiSandbox version 5.0.6 or above\nUpgrade to FortiSandbox version 4.4.9 or above"}], "references": [{"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-112", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-112"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-14T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-39813"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-15T03:58:20.016Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-39813", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-14T16:16:29.761335Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T16:36:55.508Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"cpes": ["cpe:2.3:a:fortinet:fortisandbox:5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:5.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.0:*:*:*:*:*:*:*"], "vendor": "Fortinet", "product": "FortiSandbox", "versions": [{"status": "affected", "version": "5.0.0", "versionType": "semver", "lessThanOrEqual": "5.0.5"}, {"status": "affected", "version": "4.4.0", "versionType": "semver", "lessThanOrEqual": "4.4.8"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:fortinet:fortisandboxcloud:24.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandboxcloud:23.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandboxcloud:5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandboxcloud:5.0.4:*:*:*:*:*:*:*"], "vendor": "Fortinet", "product": "FortiSandbox Cloud", "versions": [{"status": "affected", "version": "24.1"}, {"status": "affected", "version": "23.4"}, {"status": "affected", "version": "5.0.4", "versionType": "semver", "lessThanOrEqual": "5.0.5"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to upcoming FortiSandbox version 5.2.0 or above\nUpgrade to FortiSandbox version 5.0.6 or above\nUpgrade to FortiSandbox version 4.4.9 or above"}], "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-112", "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-112"}], "descriptions": [{"lang": "en", "value": "A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8 may allow attacker to escalation of privilege via <insert attack vector here>"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-24", "description": "Escalation of privilege"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2026-04-14T15:38:30.311Z"}}}, "cveMetadata": {"cveId": "CVE-2026-39813", "state": "PUBLISHED", "dateUpdated": "2026-04-15T03:58:20.016Z", "dateReserved": "2026-04-07T15:24:13.846Z", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2026-04-14T15:38:30.311Z", "assignerShortName": "fortinet"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*", "matchCriteriaId": "0025C9C0-8D61-4563-96F9-F4E09DD83B26", "versionEndExcluding": "4.4.9", "versionStartIncluding": "4.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*", "matchCriteriaId": "3AAEF316-2134-4398-911C-E7532CD3AFF2", "versionEndExcluding": "5.0.6", "versionStartIncluding": "5.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8 may allow attacker to escalation of privilege via <insert attack vector here>"}], "id": "CVE-2026-39813", "lastModified": "2026-04-20T19:11:30.867", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "psirt@fortinet.com", "type": "Secondary"}]}, "published": "2026-04-14T16:16:45.680", "references": [{"source": "psirt@fortinet.com", "tags": ["Vendor Advisory"], "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-112"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-24"}], "source": "psirt@fortinet.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[5.0.0,5.0.5]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[4.4.0,4.4.8]"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "FortiSandbox", "source": "cna", "vendor": "Fortinet"}, "product": "fortisandbox", "vendor": "fortinet"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "24.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "23.4"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[5.0.4,5.0.5]"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "FortiSandbox Cloud", "source": "cna", "vendor": "Fortinet"}, "product": "fortisandboxcloud", "vendor": "fortinet"}], "analysis": {"en": {"generated_at": "2026-04-14T17:37:28.773307+00:00", "value": {"mitigation_remediation": ["Upgrade FortiSandbox to version 5.2.0 or later", "If 5.2.0 is unavailable, upgrade to version 5.0.6 or later", "If those are not feasible, upgrade to version 4.4.9 or later", "Verify the current FortiSandbox version and confirm the patch has been applied"], "summary": {"action": "Apply Patch", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "Fortinet FortiSandbox and FortiSandbox Cloud are affected. Versions 4.4.0 through 4.4.8 and 5.0.0 through 5.0.5 are vulnerable. The issue exists in both the on\u2011premises FortiSandbox appliance and the cloud service.", "description_and_impact": "A directory traversal flaw allows an attacker to specify paths outside the intended sandbox environment, enabling them to access or modify files that are normally protected. This can break out of the sandbox and grant the attacker higher privileges, potentially compromising the host system and all data it manages. The weakness is a classic path traversal issue.", "risk_and_exploitability": "The CVSS base score of 9.1 marks this flaw as critical. No EPSS score is available, and it is not listed in the CISA KEV catalog, so the exact exploitation frequency is unclear. The likely path to exploitation involves a network\u2011reachable interface where the attacker can supply a crafted path that includes '../' sequences to escape the sandbox. Once the traversal is successful, the attacker can gain elevated privileges on the FortiSandbox host."}}}}, "created": "2026-04-15T14:41:09.654680+00:00", "title": "Privilege Escalation via Path Traversal in FortiSandbox", "updated": "2026-04-15T15:30:06.812525+00:00", "vendors": ["fortinet", "fortinet$PRODUCT$fortisandbox", "fortinet$PRODUCT$fortisandboxcloud"]}