
Critical FortiSandbox Flaws Let Attackers Execute Commands


Jennifer sherman
April 14, 2026 3 Min Read

Key Takeaways

  • Fortinet has revealed two critical vulnerabilities in its FortiSandbox platform, both scoring 9.1 on the CVSSv3 scale.
  • These flaws, disclosed on April 14, 2026, could allow unauthenticated attackers to execute arbitrary commands and bypass authentication.
  • Multiple versions of FortiSandbox are affected, including 4.4.0 through 4.4.8 and 5.0.0 through 5.0.5.
  • Patches are available, and immediate upgrades to FortiSandbox 4.4.9+ or 5.0.6+ are strongly recommended.

Critical FortiSandbox Flaws Open Door to Remote Command Execution and Authentication Bypass

Fortinet has issued a high-priority alert regarding two severe security vulnerabilities within its FortiSandbox product line. Both issues have received a CVSSv3 score of 9.1, indicating critical severity. These flaws, publicly disclosed on April 14, 2026, pose a substantial risk to enterprise security, potentially allowing unauthenticated remote attackers to execute arbitrary commands and completely circumvent authentication mechanisms on affected systems.

OS Command Injection Flaw (CVE-2026-39808)

The first vulnerability, identified as CVE-2026-39808, is an improper neutralization of special elements used in an OS command, categorized under CWE-78. This flaw resides within the FortiSandbox API component.

An unauthenticated attacker can exploit the flaw by sending specially crafted HTTP requests, resulting in unauthorized code or command execution. The attack vector is network-based, requires no authentication, and has low complexity, making it a high-impact threat. A successful exploit could lead to a complete compromise of the sandbox environment, directly undermining its intended function of threat analysis and containment.

Affected Versions and Remediation for CVE-2026-39808:

  • FortiSandbox versions 4.4.0 through 4.4.8 are vulnerable; users must upgrade to 4.4.9 or a later version.
  • FortiSandbox 5.0 is not affected.
  • FortiSandbox PaaS 5.0 is not impacted and requires no action.

This vulnerability was responsibly reported by Samuel de Lucas Maroto from KPMG Spain, and Fortinet has acknowledged his contribution.

Authentication Bypass via Path Traversal (CVE-2026-39813)

The second critical vulnerability, CVE-2026-39813, is a path traversal flaw (CWE-24) affecting the FortiSandbox JRPC API. This weakness allows an unauthenticated attacker to bypass authentication controls through specially crafted HTTP requests, primarily leading to privilege escalation.

Like the first vulnerability, CVE-2026-39813 also carries a CVSSv3 score of 9.1. It requires no user interaction or prior authentication, making it equally dangerous in any exposed deployment. This vulnerability was discovered and reported internally by Loic Pantano of Fortinet PSIRT.

Affected Versions and Remediation for CVE-2026-39813:

  • FortiSandbox versions 5.0.0 through 5.0.5 are vulnerable; an upgrade to 5.0.6 or a later version is required.
  • FortiSandbox versions 4.4.0 through 4.4.8 are also vulnerable; users must upgrade to 4.4.9 or a later version.
  • FortiSandbox 5.2 and 4.2 are not affected.

As of this publication, there is no evidence that either vulnerability has been exploited in the wild. However, given their critical severity and unauthenticated attack vectors, organizations should treat these disclosures with the highest priority.

What You Should Do

  • Immediately apply the recommended patches by upgrading FortiSandbox to version 4.4.9 (for 4.4.x branches) or 5.0.6 (for 5.0.x branches) or later.
  • Audit all FortiSandbox deployments to confirm their exposure status.
  • As a temporary mitigation while patches are being deployed, restrict API access to FortiSandbox to only trusted networks and hosts.
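
For the audit step above, an added example (not from Fortinet or from this article's author) that checks an inventory against the version ranges listed in this article. The hostnames and the `hostname,version` inventory format are assumptions; a branch the article does not mention for a given CVE is reported as unknown rather than treated as safe.

```python
import re

# Ranges transcribed from this article: branch -> (last vulnerable, first fixed).
AFFECTED = {
    "CVE-2026-39808": {(4, 4): ((4, 4, 8), "4.4.9")},
    "CVE-2026-39813": {(4, 4): ((4, 4, 8), "4.4.9"), (5, 0): ((5, 0, 5), "5.0.6")},
}
# Branches the article explicitly lists as not affected, per CVE.
NOT_AFFECTED = {"CVE-2026-39808": {(5, 0)}, "CVE-2026-39813": {(5, 2), (4, 2)}}

def parse_version(text):
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())

def assess(version_text):
    """Map each CVE to (status, fixed_in) for one FortiSandbox version."""
    version = parse_version(version_text)
    branch = version[:2]
    verdict = {}
    for cve, branches in AFFECTED.items():
        if branch in branches:
            last_vulnerable, fixed_in = branches[branch]
            verdict[cve] = ("vulnerable", fixed_in) if version <= last_vulnerable else ("patched", None)
        elif branch in NOT_AFFECTED[cve]:
            verdict[cve] = ("not affected", None)
        else:  # branch not mentioned for this CVE: do not assume it is safe
            verdict[cve] = ("unknown", None)
    return verdict

# Constructed inventory (hostname,version); the hostnames are hypothetical.
INVENTORY = """\
fsa-dmz-01,4.4.6
fsa-lab-02,4.4.9
fsa-core-03,5.0.3
fsa-old-04,4.2.7
fsa-new-05,5.2.1
"""

def upgrade_plan(inventory_text):
    """Return {host: target_version} for every host with a vulnerable verdict."""
    plan = {}
    for line in inventory_text.strip().splitlines():
        host, version = (field.strip() for field in line.split(","))
        targets = [fixed for status, fixed in assess(version).values() if status == "vulnerable"]
        if targets:
            plan[host] = max(targets, key=parse_version)
    return plan
```

Hosts that come back as unknown for either CVE (here the 4.2 and 5.2 systems for CVE-2026-39808) should be checked against the vendor advisory, since this article gives no status for those branches.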
