CVE-2026-39808
Published: 14 April 2026
Summary
CVE-2026-39808 is a critical-severity OS Command Injection (CWE-78) vulnerability in Fortinet Fortisandbox. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 3.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates CVE-2026-39808 by requiring timely patching of the OS command injection flaw in Fortinet FortiSandbox versions 4.4.0 through 4.4.8.
Requires validation and error handling at input interfaces to neutralize special elements and prevent OS command injection via untrusted inputs.
Enables vulnerability scanning to identify and remediate the specific OS command injection vulnerability in FortiSandbox before exploitation.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Unauthenticated remote OS command injection in public-facing FortiSandbox enables exploitation of public-facing application (T1190) and arbitrary Unix shell command execution (T1059.004).
NVD Description
A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow attacker to execute unauthorized code or commands via <insert attack vector here>
Deeper analysisAI
CVE-2026-39808 is an OS command injection vulnerability (CWE-78) affecting Fortinet FortiSandbox versions 4.4.0 through 4.4.8. The issue arises from improper neutralization of special elements used in an OS command, which may allow an attacker to execute unauthorized code or commands via an unspecified attack vector. Published on 2026-04-14, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical due to its potential for severe impact.
An unauthenticated attacker with network access can exploit this vulnerability with low attack complexity and no user interaction required. Exploitation enables arbitrary OS command execution, granting high levels of control over confidentiality, integrity, and availability, potentially leading to complete system compromise.
Fortinet's advisory at https://fortiguard.fortinet.com/psirt/FG-IR-26-100 provides details on the vulnerability. A related GitHub repository at https://github.com/samu-delucas/CVE-2026-39808 is also referenced, offering additional resources for practitioners seeking mitigation or patch information.
Details
- CWE(s)