CVE-2026-39813
Analyzed
Published: 14 Apr 2026, 15:38
Last modified: 18 Jun 2026, 09:01
Vulnerability Summary
- Overall Risk (default): high, 70/100
- CVSS Score: 9.8 CRITICAL, v3.1 (nvd)
- EPSS Score: 16.74% MEDIUM (17% probability, -1.96%)
- KEV: Listed
- CIRCL: 1 listing
- Ransomware: No reports
- Public exploits: None found
- Dark Web: Not detected
Timeline
- 14 Apr 2026, 15:38 • Published: Vulnerability first disclosed
- 18 Jun 2026, 09:01 • Last Modified: Vulnerability information updated
- 22 Jun 2026, 00:00 • Added to CIRCL KEV: Added to Known Exploited Vulnerabilities catalog
Description
A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5 and FortiSandbox 4.4.0 through 4.4.8 may allow an attacker to escalate privileges via <insert attack vector here>
CVSS Metrics
- v3.1 • CRITICAL • Score: 9.1 • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
- v3.1 • CRITICAL • Score: 9.8 • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Trends
Current EPSS score: 16.74% • Percentile: 97%
Techniques & Countermeasures
- CWE-24 • Path Traversal: '../filedir'
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "../" sequences that can resolve to a location that is outside of that directory.
Affected Systems
- fortinet • fortisandbox
≥ 4.4.0, < 4.4.9 | ≥ 5.0.0, < 5.0.6 | ≥ 5.0.0, ≤ 5.0.5 | ≥ 4.4.0, ≤ 4.4.8
- fortinet • fortisandbox cloud
24.1 | 23.4 | ≥ 5.0.4, ≤ 5.0.5