Fortinet FortiSandbox: Malicious Code Execution via Web Input

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

4.8

Fortinet FortiSandbox: Malicious Code Execution via Web Input

CVE-2026-39812

Summary

Fortinet's FortiSandbox products, used for security analysis, have a security flaw that could allow an attacker to inject and execute malicious code on your system. This could lead to unauthorized actions being taken on your system. To protect yourself, update your FortiSandbox software to the latest version as soon as possible.

Original title

Original description

A improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox PaaS 5.0.0 through 5.0.5, FortiSandbox PaaS 4.4.0 through 4.4.8, FortiSandbox PaaS 4.2 all versions may allow attacker to execute unauthorized code or commands via <insert attack vector here>

nvd CVSS3.1 4.8

Vulnerability type

CWE-79 Cross-site Scripting (XSS)

https://fortiguard.fortinet.com/psirt/FG-IR-26-110

Published: 14 Apr 2026 · Updated: 15 Apr 2026 · First seen: 14 Apr 2026